What is the difference between an unknown event and a stored event?

In QRadar, "unknown events" refer to data that is collected and parsed by the system but cannot be accurately mapped or categorized to a specific log source due to lack of sufficient information or matching criteria. On the other hand, "stored events" imply that the data has been retained in the system but may not be fully understood or parsed by QRadar, possibly due to it not conforming to expected formats or lacking recognizable patterns. This distinction highlights the challenges in data categorization and analysis within a SIEM system, where not all collected data can be immediately attributed to known sources or fully analyzed due to various constraints .