Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring the Rule Explorer in QRadar Use Case Manager

 

The rule explorer uses QID records and DSM event-mapping information to help determine rule coverage by log source type. The rule explorer loads automatically, but you can refresh the settings at any time.

  1. Go to the Admin tab.
  2. On the Apps page, click JSA Use Case Manager >Configuration.
  3. To sync with the data in JSA, click Sync QID Records. This process might take approximately 30 minutes to complete. You can still use the app while the records are syncing, but the data you work with might not be accurate.
  4. To manually refresh event mappings, click Sync DSM event mappings.

    When you install the app for the first time, it automatically syncs after installation. If you upgrade to JSA Use Case Manager 2.0.0 or later, you don't need to sync.

  5. To back up your MITRE mappings (custom and IBM default), click Export MITRE mappings. You can then import this backup file later on the rule explorer page.

    Only the custom mappings are imported from the file.