Configuring QRadar Use Case Manager with Up-to-date Rules in QRadar 7.3.1
To tune your environment, you must configure the app first by making sure that you have an up-to-date rules file.
If you are using QRadar 7.3.1, you must follow this procedure. If you are using QRadar 7.3.2 or later, the rules file is automatically uploaded to the app.
- Go to the Admin tab.
- On the Apps page, click QRadar Use Case Manager.
- In the Upload a Rules File section, drag a
file from your hard disk, or browse to select a file. The
rules.xmlfile upload limit is 50 MB.
- To generate an up-to-date rules file, follow these steps:
package.txtfile from your QRadar instance and place it in the
/tmpdirectory, run the following command:
/opt/qradar/bin/contentManagement.pl --action export --content-type package --file package.txt
Copy the updated file to a Windows directory, extract the xml file, and then upload it to the app.