QEFC Exclude From Correlation

QEFC Exclude From Correlation for IBM Security QRadar SIEM is an extension that allows users to temporarily prevent rules from generating new offenses for specific offense sources (username, IP address, etc.).

The application is useful when the incident response team has already identified a compromised host or username and does not need further notifications for the same source until the asset is fully recovered.

QEFC Package Contains the Following Security Content:

  • A QRadar application (a new button on the offense details page and a configuration page in the Admin tab);
  • A custom rule that matches an event/flow property (Username and Source IP by default) against the data in a reference set, which is populated with a button click.

QRadar Native Alternatives

QRadar has no such native functionality. Analysts must manually change every rule that might trigger on the required property.

License

Open Source / Apache 2.

IBM App Exchange

Available as a complimentary app within a commercial tool purchase.