Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Sharing MITRE-mapping Files

Save time and effort when mapping rules and building blocks to tactics and techniques by sharing rule-mapping files between QRadar instances.

Use the Export option to create backups of the mappings in your environment. You can also use the Export and the Import options to move rules from one deployment to another, rather than manually copying the rules.

  1. To export only the MITRE mappings for the rules in the current report view, use the following steps:
    1. On the Use Case Explorer page, click ATT&CK Actions >Export rules for current view.

    2. Type a name for the JSON file, and click Export.

  2. To export all of the rule MITRE mappings, use the following steps:
    1. On the Use Case Explorer page, click ATT&CK Actions >Export all.

    2. Type a name for the JSON file, and click Export.

  3. To import a rule mappings file, use the following steps:
    1. On the Use Case Explorer page, click ATT&CK Actions >Import.

    2. Click the import icon, browse to the file location on your system and select the file, and then click Import.

  4. To export mappings from the MITRE ATT&CK Mapping page, see Editing MITRE Mappings in Multiple Rules or Building Blocks.