IBM Support

QRadar: In the rule conditions select an X-Force IP category is blank

Question & Answer


Question

In the QRadar rule conditions, the Select an X-Force IP category and click 'Submit' drop down is empty. How do I select an IP category?

Cause

This issue occurs when the X-Force Threat Intelligence Feed is not enabled on your QRadar appliance. The feed must be enabled to use any X-Force rules.

Symptom

The X-Force-related rule condition displays a blank category as the only option.
XForce category
 

Diagnosing The Problem

  1. Log in to the QRadar console as an admin.
  2. Open the Admin tab.
  3. Open System Settings.
  4. Check whether Enable X-Force Threat Intelligence Feed is set to Yes or No.
    XForce2

    Result
    If the setting is No, it must be set to Yes and the changes must be deployed.

Answer

  1. Log in to the QRadar console as an admin.
  2. Open the Admin tab.
  3. Open System Settings.
  4. Make sure Enable X-Force Threat Intelligence Feed is set to Yes.XForce3
  5. On the Admin tab, click Deploy Changes.

    Result
    After the deployment finishes, the X-Force IP categories are visible.
    XForce4

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
13 June 2023

UID

ibm16955775

Page Feedback