A Deployment Professional is working with a customer running an IBM Security QRadar SIEM V7.2.7 installation that is currently running into performance issues. The customer is noticing that searches are taking a long time to finish and there are performance degradation system notifications in the Console.
Which two steps will lead to a performance increase for this customer? (Choose two.)
A customer expanded operations by merging with an acquisition, adding additional traffic. Overall concerns have surfaced about event collecting, and the Deployment Professional is asked about deployment costs, security, and resiliency due to the additional network segments. The focus is on keeping the overall SIEM collecting events as the priority.
Which deployment architecture collection method will meet this need?
After creating a custom Log Source Extension to parse a Source IP address from this event snippet 'IP Address: (10.20.30.40)', the Source IP is not being extracted from the payload.
The Log Source Extension is showing the following:
IP\sAddress:\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
Which Regular Expression should be used to ensure the Source IP is parsed properly?
A Deployment Professional wants to reduce the number of false positives being generated by a WebSense log source.
Which rule test could be created to solve this problem, assuming the Building Blocks have been updated for the customer's environment?
A Deployment Professional needs to store information in the IBM Security QRadar SIEM V7.2.7 asset database that is provided by the customer's configuration management database (CMDB). The CMDB provides a nightly dump of information like 'Technical Owner' and 'Asset weight' tied to an IP address.
Which integration mechanism with QRadar will allow this information to be maintained?