Exporting Rules

Export rule data in CSV, XML, or HTML format. Use CSV format to further process rule data or view it in Excel. Use HTML format to view rules offline. Use XML format to import the rule data into another QRadar deployment. You can export rules with their MITRE and custom rule attribute mappings, and you can create a manifest.txt file that is added to the exported .zip file.

You must be an administrator to export rule data to XML format.

  1. On the Use Case Explorer page, pick one of the following methods.
    1. To export all the rules in the table report, click the Download icon in the menu bar.
    2. To export selected rules in the table report, click the pencil icon in the report table to display checkboxes for each table row. Then, select the relevant rules or building blocks that you want to export, and click Export selected rules.
  2. To export rule data in the report to CSV format that you can further process or view in Excel, select the first option in the Export window, and enter a name for the CSV file.
    If you want to adjust the content to export, use the option to control column visibility and order (gear icon) on the report view.
  3. To export rules and their dependencies, such as custom properties and reference sets, to an XML file for importing into another QRadar deployment, select the second option in the Export window. By default, the checkboxes for exporting MITRE mappings and for custom rule attribute mappings are enabled if the rules contain the mappings. The exported files are generated concurrently.
    Tip: Exporting to XML is supported on QRadar 7.4.0 or later.

    1. Click Next.
    2. To create a manifest.txt file that is added to the exported .zip file, select the Include manifest.txt checkbox. The manifest file contains the extension name (mandatory), author (mandatory), description, unique ID, version, and support email information. These fields appear in the Extensions Management page when you import the file in another QRadar deployment.
      If you export more rules and use the same extension name and unique ID in the manifest.txt file, there is one entry in the Extensions Management window upon import.
  4. To export rules to a formatted HTML report that you can view offline, select the third option in the Export window. By default, the dependencies, dependents, and visualizations for the selected rules are included in the exported .zip file. Share the .zip file with colleagues or management who don't have access to QRadar or QRadar Use Case Manager.
    The exported HTML file includes instructions on how to use the exported report.
  5. Click Export.
Use the CSV file to further investigate your rules. Share or import the XML file into another QRadar deployment.
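
As an added example (not part of the product documentation), the following Python script post-processes a CSV export: it looks columns up by header name, because the column visibility and order settings on the report view change what is exported, and it lists enabled rules that have no MITRE tactic mapping. The header names `Rule name`, `Rule enabled`, and `Tactics`, the `true`/`false` values, and the comma-separated tactic cell are assumptions; substitute the ones from your own export.

```python
import csv
import io
from collections import Counter

# Assumed header names (not taken from the product); replace with your export's headers.
COL_NAME, COL_ENABLED, COL_TACTICS = "Rule name", "Rule enabled", "Tactics"
REQUIRED = (COL_NAME, COL_ENABLED, COL_TACTICS)

# Constructed sample export. Column order is deliberately not the "natural" one.
SAMPLE_CSV = """Tactics,Rule name,Rule enabled
"Initial Access, Execution",Constructed Rule A,true
,Constructed Rule B,true
Persistence,Constructed Rule C,false
,Constructed Rule D,false
Execution,Constructed Rule E,true
"""

def load_rules(handle):
    """Read rows by header name and fail early if a needed column was hidden."""
    reader = csv.DictReader(handle)
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing columns: {missing}")
    return list(reader)

def split_tactics(cell):
    """Split a comma-separated tactic cell; an empty cell means no mapping."""
    return [t.strip() for t in (cell or "").split(",") if t.strip()]

def coverage(rows):
    """Return (enabled rules per tactic, names of enabled rules with no tactic)."""
    per_tactic, unmapped = Counter(), []
    for row in rows:
        if (row[COL_ENABLED] or "").strip().lower() != "true":
            continue  # disabled rules do not contribute to detection coverage
        tactics = split_tactics(row[COL_TACTICS])
        if not tactics:
            unmapped.append(row[COL_NAME])
        per_tactic.update(tactics)
    return per_tactic, unmapped

def analyze(text):
    return coverage(load_rules(io.StringIO(text)))

if __name__ == "__main__":
    per_tactic, unmapped = analyze(SAMPLE_CSV)
    for tactic, count in sorted(per_tactic.items()):
        print(f"{tactic}: {count} enabled rule(s)")
    print("Enabled rules without a MITRE tactic:", unmapped)
```

For a real export, pass an open file to `load_rules` instead of the sample string; opening it with `encoding="utf-8-sig"` tolerates a byte-order mark if the file has one.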