Configuring IBM QRadar rules
Create IBM QRadar rules to trigger alerts on important events.
Complete the following steps to create the rules:
-
Select and open the target event.
-
Find some unique properties of the target event. For example, QID is unique for a particular event type.
-
Navigate to rules: Offenses > Rules.
-
Click Action > New Event Rule.
-
Give a unique name to the rule in the Apply section.
- Add the appropriate unique conditions to a rule to trigger the event you want.
-
Click Next.
-
Apply the Rule Action, Rule Response, and Response Limiter.
-
Click Next to review the rule.
-
Click Finish.
-
Find all created rules under the Rules tab. You can put the created rules in a different group.