How to automate rule imports for the QRadar Tuning App (XML format)

How To

Summary

The QRadar Use Case Manager application allows administrators to evaluate and tune specific portions of QRadar, review rule coverage, and more. Administrators who want the Use Case Manager to evaluate rules must export their rules from QRadar using the generate-rules-script.sh utility. This utility generates an XML copy of the current QRadar rule set and can be automated so the administrators can import the information in to the QRadar Use Case Manager application to keep their rules up-to-date with the latest changes.

Objective

Notice: The QRadar® Tuning app has been renamed to QRadar Use Case Manager. The support article that describes how to export rules to an XML file for the Use Case Manager app has been moved here: https://www.ibm.com/support/pages/node/875162

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Use Case Manager App","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

How to automate rule imports for the QRadar Tuning App (XML format)

How To

Summary

Objective

Document Location

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?