QID map overview
Use the IBM® QRadar® Identifier (QID) map utility to create, export, import, or modify user-defined QID map entries.
A QRadar Identifier (QID) is a numeric representation of a specific event. Each QID includes a name, description, severity, and low-level category.
A QID map associates an event on an external device to a QID.
See the following tasks for QID management:
- Creating a QID map entry
- Modifying a QID map entry
- Importing Qid map entries
- Exporting QID map entries
To run the utility, use the following syntax:
qidmap_cli.sh [-l|-c|-m|-i[-f <filename>]|-e[-f
<filename>]|-d]
The following table describes the command-line options for the QID map utility.
Options | Description |
---|---|
-l | Lists the low-level category. |
-c | Creates a QID map entry |
-m | Modifies an existing user-defined QID map entry. |
-i | Imports QID map entries. |
-e | Exports existing user-defined QID map entries. |
-f <filename> | If you include the -i or -e option, specifies a file name to import or export QID map entries. |
-d | If you include the -i or -e option, specifies a delimiter for the import or export file. The default is a comma. |
-h | Displays the help options. |