Which type of rule requires a saved search that must be grouped around a common parameter?
Which two high-level Event Categories are used by QRadar? (Choose two.)
A Security Analyst has noticed that an offense has been marked inactive.
How long had the offense been open since it had last been updated with new events or flows?
What is the effect of toggling the Global/Local option to Global in a Custom Rule?