Sunday, January 21, 2018

QRadar SIEM - Create a rule for Malware domain detection

In the previous post, I created a reference set for malware domains.
This time, we will create a rule that fires when the domain property of a proxy server event matches one of the domains in that malware domain list.

1. Create the rule.
   Offenses > Rules > Actions > New Event Rule

2. Select the event properties: click "these event properties".
3. Select the reference set: click "these reference set(s)".
4. Click Next and add your email address for the alert.
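
An offline model of the test this rule performs, added here as an illustration; it is not code from the original post or from QRadar. The reference set contents, the proxy events and all function names are constructed assumptions, and the model uses exact set membership, so a subdomain of a listed domain does not match.

```python
# Offline model of the rule test "event property is contained in reference set".
# All names and sample data below are constructed for illustration.
from urllib.parse import urlsplit

# Constructed stand-in for the malware-domain reference set.
MALWARE_DOMAINS = {"bad-domain.example", "malware-c2.test"}

# Constructed proxy events: (timestamp, client IP, requested URL or host).
PROXY_EVENTS = [
    ("2018-01-21T10:00:01", "10.0.0.5", "http://intranet.example/home"),
    ("2018-01-21T10:00:07", "10.0.0.8", "http://Bad-Domain.example/payload.bin"),
    ("2018-01-21T10:01:15", "10.0.0.8", "malware-c2.test:443"),
    ("2018-01-21T10:02:30", "10.0.0.9", "http://cdn.bad-domain.example/a.js"),
    ("2018-01-21T10:03:02", "10.0.0.7", "http://malware-c2.test./beacon"),
]


def extract_domain(value):
    """Normalize a URL or host[:port] string to a bare lowercase hostname."""
    # urlsplit only fills .hostname when a scheme separator is present.
    if "://" not in value:
        value = "//" + value
    host = urlsplit(value).hostname or ""
    return host.rstrip(".")


def match_events(events, reference_set):
    """Return events whose normalized domain is an exact member of the set."""
    hits = []
    for timestamp, src_ip, raw in events:
        domain = extract_domain(raw)
        if domain in reference_set:
            hits.append({"time": timestamp, "src": src_ip, "domain": domain})
    return hits


def alert_body(hits):
    """Build the plain-text body for the notification e-mail."""
    lines = ["Malware domain rule matched %d event(s):" % len(hits)]
    lines += ["%(time)s %(src)s -> %(domain)s" % h for h in hits]
    return "\n".join(lines)


if __name__ == "__main__":
    print(alert_body(match_events(PROXY_EVENTS, MALWARE_DOMAINS)))
```

Normalizing case, port and trailing dot before the lookup is what lets three of the five constructed events match; without it only values that already equal a list entry character for character would.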



