QRadar Tuning

 

IBM QRadar Use Case Manager provides several ways to tune your QRadar environment.

Tune Your QRadar Offenses by Analyzing Rules That Cause the Largest Number of Offenses

Tune most active rules

QRadar Use Case Manager can help you determine which rules generate the most offenses, and then guide you through the steps to tune them.

Tune based on the CRE event report

The Custom Rules Engine (CRE) event report shows which CRE events were generated most often. It also provides information about the rule activity. You can tune these rules or use the event information from the report to update your QRadar environment.

Tune Your QRadar Offenses by Going Through the Most Common Configuration Steps

Review network hierarchy

The network hierarchy defines which IP addresses and subnets are part of your network. Defining your network hierarchy and keeping it up to date is an important step in helping prevent false offenses.

Review building blocks

Rules use information about your servers to determine whether to generate the rule responses. Review and update common rule building blocks so that QRadar can discover and classify more servers on your network and generate fewer false positives.