Viewing Event Insights

Noise in FIM is a major concern for security teams. A large number of events directly impacts the event analysis process, making it difficult for security teams to find the signal they are looking for amid all the noise.

Quite often, only a handful of rules in a FIM profile cause the noise. Having precise visibility into such rules makes the fine-tuning process extremely efficient.

The Event Insights tab in Qualys FIM gives you thorough insight into the change events on your FIM console. This page displays information such as FIM Profile, Rule Name, Event Count, Percentage, Create, Rename, Delete, Attributes, and Content to give you a clear picture of where events come from.

Hover over the FIM Profiles to see the complete FIM Profile name. 

Once you have a precise understanding of the FIM profile and the rules generating noise or false positives, you can select the profile and click Quick Actions > Edit Profile to fine-tune the specific rule by adding relevant inclusion/exclusion filters. Fine-tuning the rule helps you reduce the noise and make sure that only the events of interest reach the FIM console.
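The same per-rule breakdown can be reproduced offline to decide which rules to tune first. The following is an added example, not Qualys code: the event tuples, profile and rule names are constructed sample data, the function names are hypothetical, and it assumes the Create, Rename, Delete, Attributes, and Content columns hold per-action event counts. It goes one step beyond the tab by picking the smallest set of rules that accounts for a chosen share of all events.

```python
from collections import Counter, defaultdict

# Assumption: these columns are per-action event counts for each rule.
ACTIONS = ("Create", "Rename", "Delete", "Attributes", "Content")

# Constructed sample events as (profile, rule, action); not a real Qualys export.
SAMPLE_EVENTS = (
    [("Linux Baseline", "Monitor /var/log", "Content")] * 60
    + [("Linux Baseline", "Monitor /var/log", "Create")] * 12
    + [("Linux Baseline", "Monitor /tmp", "Create")] * 10
    + [("Linux Baseline", "Monitor /tmp", "Delete")] * 8
    + [("Linux Baseline", "Monitor /etc", "Content")] * 4
    + [("Linux Baseline", "Monitor /etc", "Attributes")] * 3
    + [("Windows Baseline", "Monitor System32", "Rename")] * 3
)

def event_insights(events):
    """Return one row per (profile, rule), sorted by event count descending."""
    per_rule = defaultdict(Counter)
    for profile, rule, action in events:
        per_rule[(profile, rule)][action] += 1
    total = sum(sum(c.values()) for c in per_rule.values())
    rows = []
    for (profile, rule), counts in per_rule.items():
        count = sum(counts.values())
        row = {"profile": profile, "rule": rule, "count": count,
               "percentage": round(100.0 * count / total, 1)}
        row.update({a: counts.get(a, 0) for a in ACTIONS})
        rows.append(row)
    return sorted(rows, key=lambda r: r["count"], reverse=True)

def noisy_rules(rows, threshold=80.0):
    """Smallest set of top rules whose cumulative share reaches threshold percent."""
    total = sum(r["count"] for r in rows)
    picked, running = [], 0
    for r in rows:  # rows are already sorted, so this walks noisiest first
        if 100.0 * running / total >= threshold:
            break
        picked.append((r["profile"], r["rule"]))
        running += r["count"]
    return picked

if __name__ == "__main__":
    rows = event_insights(SAMPLE_EVENTS)
    for r in rows:
        print(r)
    print("Tune first:", noisy_rules(rows))
```

A rule whose volume is dominated by a single action (here, Content changes under the constructed "Monitor /var/log" rule) is a candidate for a narrow exclusion filter rather than removing the rule entirely.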

Related Topics

Qualys Query Library

Events

Incidents

Configuration of correlation rules to auto create incidents

Configuration of rule-based alerts for events and incidents