Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring QRadar Use Case Manager with Up-to-date Rules in QRadar 7.3.1

 

To tune your environment, you must configure the app first by making sure that you have an up-to-date rules file.

If you are using QRadar 7.3.1, you must follow this procedure. If you are using QRadar 7.3.2 or later, the rules file is automatically uploaded to the app.

  1. Go to the Admin tab.
  2. On the Apps page, click QRadar Use Case Manager.
  3. In the Upload a Rules File section, drag a file from your hard disk, or browse to select a file. The rules.xml file upload limit is 50 MB.
  4. To generate an up-to-date rules file, follow these steps:
    1. Download the package.txt file from your QRadar instance and place it in the /tmp directory.

    2. From the /tmp directory, run the following command: /opt/qradar/bin/contentManagement.pl --action export --content-type package --file package.txt

    3. Copy the updated file to a Windows directory, extract the xml file, and then upload it to the app.