New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IBM C1000-156 Exam - Topic 4 Question 7 Discussion

Actual exam question for IBM's C1000-156 exam
Question #: 7
Topic #: 4
[All C1000-156 Questions]

What are some of the supported custom property expression types in QRadar?

Show Suggested Answer Hide Answer
Suggested Answer: B

IBM QRadar SIEM supports various types of custom property expressions to allow users to extract and parse data from logs in flexible and powerful ways. Among the supported custom property expression types, Regex, JSON, and LEEF are frequently utilized:

Regex (Regular Expressions): Regular expressions are a powerful tool used for pattern matching and extraction in text. In QRadar, regex can be used to create custom properties that parse specific patterns from log data, allowing for detailed and precise data extraction.

JSON (JavaScript Object Notation): JSON is a widely used data interchange format that is lightweight and easy to read and write. QRadar supports JSON expressions to parse and extract structured data from logs formatted in JSON.

LEEF (Log Event Extended Format): LEEF is a log format used by various devices to structure log data in a consistent manner. QRadar can utilize LEEF expressions to extract data from logs that use this format.

These types of expressions enhance QRadar's ability to handle diverse log formats and enable more accurate and efficient data analysis.

Reference IBM Security QRadar SIEM and IBM Security QRadar EDR integration.pdf


by Douglass at Jun 24, 2024, 05:08 AM

Limited Time Offer

25%

Off

Get Premium C1000-156 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Cristen
3 months ago
Nah, I’m pretty sure it’s B with JSON included.
upvoted 0 times
...
Haydee
3 months ago
I thought HTML was supported too, but I guess not.
upvoted 0 times
...
Oretha
3 months ago
Wait, JSON is not in the list? That's surprising!
upvoted 0 times
...
Lindsey
4 months ago
Totally agree, A is the right choice!
upvoted 0 times
...
Nickie
4 months ago
I think it's Regex, RDBMS, and LEEF.
upvoted 0 times
...
Georgene
4 months ago
I thought RDBMS was a supported type too, but I can't remember if it was with Regex or something else.
upvoted 0 times
...
Ryann
4 months ago
I’m leaning towards option B because I remember LEEF being a common format, but I’m not completely confident about JSON.
upvoted 0 times
...
Ethan
4 months ago
I practiced a question similar to this, and I feel like JSON was mentioned, but I can't recall if it was paired with LEEF or something else.
upvoted 0 times
...
Elina
5 months ago
I think I remember that Regex is definitely one of the types, but I'm not sure about the others.
upvoted 0 times
...
Erasmo
5 months ago
Ah, I remember learning about this in the QRadar training. I believe the correct answer is B - Regex, JSON, and LEEF are the supported custom property expression types. I'm pretty confident in that.
upvoted 0 times
...
Dulce
5 months ago
Okay, let me see. I remember that QRadar supports Regex, but I'm not sure about the other types. I think it might be B, but I'm not 100% certain.
upvoted 0 times
...
Erasmo
5 months ago
Hmm, I'm a bit unsure about this one. I know QRadar supports some custom property expressions, but I can't recall the exact types off the top of my head. I'll have to think this through carefully.
upvoted 0 times
...
Carol
5 months ago
I'm pretty confident that the answer is B. Regex, JSON, and LEEF are the supported custom property expression types in QRadar.
upvoted 0 times
...
Emeline
5 months ago
Okay, let me think this through. If there's no approval process, the system will likely just execute the payments directly. I'll mark A and B as the correct answers.
upvoted 0 times
...
Vashti
5 months ago
I think the answer is B. Cheeseburgers. We buy them regularly without much thought, so that seems like the most habitual decision.
upvoted 0 times
...
Lewis
2 years ago
I feel like I'm back in my database management class. RDBMS should definitely be an option here. I'm going with B, but with a bit of hesitation.
upvoted 0 times
Roslyn
2 years ago
I think Regex is crucial too. I'll choose D.
upvoted 0 times
...
Carlton
2 years ago
I agree, RDBMS is important. I'm going with A.
upvoted 0 times
...
...
Sheridan
2 years ago
Regex, JSON, and LEEF - that's the holy trinity of QRadar custom properties. B is the way to go, no doubt.
upvoted 0 times
...
Annamaria
2 years ago
Haha, HTML as a custom property expression type? What is this, a web design exam? Definitely going with B.
upvoted 0 times
Nan
2 years ago
B) Regex, JSON, LEEF
upvoted 0 times
...
Justine
2 years ago
Yeah, HTML does seem odd. B it is.
upvoted 0 times
...
Dwight
2 years ago
I agree, HTML seems out of place here. B does seem like the most logical choice.
upvoted 0 times
...
Ming
2 years ago
B) Regex, JSON, LEEF
upvoted 0 times
...
...
Whitney
2 years ago
I think the correct answer is D) Regex, JSON, HTML because those are commonly used in QRadar.
upvoted 0 times
...
Rodrigo
2 years ago
But I read somewhere that RDBMS is also supported.
upvoted 0 times
...
Avery
2 years ago
I'm a little iffy on the options here. Shouldn't RDBMS be one of the choices? I thought that was a core part of QRadar's capabilities.
upvoted 0 times
Benedict
2 years ago
I think the correct options are Regex, RDBMS, LEEF for supported custom property expression types in QRadar.
upvoted 0 times
...
Benedict
2 years ago
Yes, RDBMS is actually supported in QRadar for custom property expression types.
upvoted 0 times
...
...
Teri
2 years ago
I believe it's Regex, JSON, LEEF.
upvoted 0 times
...
Rodrigo
2 years ago
I think the supported custom property expression types in QRadar are Regex, RDBMS, LEEF.
upvoted 0 times
...
Berry
2 years ago
Option B seems the most accurate to me. Regex, JSON, and LEEF are definitely supported in QRadar.
upvoted 0 times
Chanel
2 years ago
I'm leaning towards option A. Regex and LEEF are supported, but I'm not sure about RDBMS.
upvoted 0 times
...
Refugia
2 years ago
I think option D might be a possibility too. Regex and JSON are definitely supported, but I'm not sure about HTML.
upvoted 0 times
...
Danica
2 years ago
I agree, option B is the correct one. Regex, JSON, and LEEF are indeed supported in QRadar.
upvoted 0 times
...
...

Save Cancel