Two multi-site companies with international presences are merging and consolidating their operations. The companies have decided that the relevant information on each site must be available to the local users only.
How should IBM Security QRadar SIEM V7.2.7 be configured to comply with this request?
A. The domains must be used with security profiles to limit the available information to a group of users within that domain.
B. The networks must be used with security profiles to limit the available information to a group of users within that domain.
C. The multi-tenancy must be configured to isolate the users and then domains will be used to assign log sources and networks to these users.
D. The multi-tenancy must be configured to allow each company to isolate and control their assets, log sources, users, networks, flows, and dashboards.
Answer: C
A client has configured a log source to forward events to IBM Security QRadar SIEM V7.2.7. It is recommended that the log source level be configured at the notice level by the DSM Guide, but the client has a policy to log all events at a debug level. The Deployment Professional notices that the configured DSM is parsing most events, but some are being labeled as stored. The client is very interested in correlating some of the events that are being stored.
What should be created to meet this client's goal?
A. Custom flow property
B. Custom event property
C. Custom DSM for parsing overrule
D. Custom DSM for parsing enhancement
Answer: D
