Why would an analyst update host definition building blocks in QRadar?

adminFebruary 8, 2022

A. To reduce false positives.

B. To narrow a search.

C. To stop receiving events from the host.

D. To close an Offense

Explanation:
Building blocks to reduce the number of offenses that are generated by high volume traffic servers.

Reference: https://www.ibm.com/docs/en/qsip/7.4?topic=phase-qradar-building-blocks

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions