You are tasked with configuring IBM Security QRadar SIEM V7.2.7 to pull a log file that is generated daily at midnight from a custom application on a Microsoft© Windows Server.
Which log source protocol should be used to accomplish this task?
A. WinCollect MSRPC
B. WinCollect Agent
C. WinCollect Log File
D. WinCollect File Forwarder
Answer: B

A Deployment Professional has a reference list of usernames that is used in rules. The Deployment Professional needs to be able to remove a username from the reference list when an offense is detected from a log event.
How can a Deployment Professional accomplish this goal?
A. As a rule response, select update Reference Set option
B. As a rule response, select remove from Reference Set option
C. As a rule response, select execute custom action in order to call REST-API:
UPDATE: /reference_data/sets/{name}
D. As a rule response, select execute custom action in order to call REST-API:
REMOVE: /reference_data/sets/{name}/{value}
Answer: B