IBM QRadar SOAR

  • 1.  Add Bulk Rule In Qradar

    Posted Wed July 22, 2020 05:00 PM
    Hi,

    I want to add rules in bulk to Resilient from an Excel file. Is there any way to import rules? We can add them from the action API endpoint, but I wondered whether there is any way to do that in an easy way.

    Best

    ------------------------------
    Jasmine
    ------------------------------


  • 2.  RE: Add Bulk Rule In Qradar

    Posted Wed July 22, 2020 07:12 PM
    I'm sorry, there is a misconfiguration in the subject. As I can't edit the subject, I corrected it as: Add Bulk Rule In Resilient

    ------------------------------
    Jasmine
    ------------------------------



  • 3.  RE: Add Bulk Rule In Qradar

    Posted Thu July 23, 2020 12:01 PM
    Hi Jasmine,

    I would personally recommend finding some commonalities between the rules so you minimize the number of rules.

    Creating the rules depends on where the rules exist (Excel file, just a general idea). Can you give me an example?

    I would always use APIs to add bulk configurations. You can find the APIs node in the documentation. You can create one rule manually, and then query it and use it as a template for the next.

    Hope it is clear enough. Let me know if you want more info.

    Amr I. Awad

    ------------------------------
    Amr Awad
    ------------------------------
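
The approach described in the reply above (create one rule by hand, query it, reuse it as a template for the rest), as an added example that is not part of the original thread and is not IBM's code. The rule field names, the CSV columns and the `post` callable are assumptions; the template and the CSV are constructed sample data.

```python
import copy
import csv
import io

# Constructed stand-in for a rule created by hand and then fetched via the API.
# Field names are assumptions for illustration, not the product's real schema.
TEMPLATE_RULE = {
    "id": 41, "uuid": "constructed-uuid", "name": "Template rule",
    "object_type": "incident", "enabled": True,
    "conditions": [{"field": "incident.severity", "method": "equals", "value": "High"}],
}

# Constructed CSV, as saved from the spreadsheet that lists the rules to create.
SAMPLE_CSV = """name,field,method,value
Escalate phishing,incident.type,equals,Phishing
Escalate malware,incident.type,equals,Malware
,incident.type,equals,Missing name
Escalate phishing,incident.type,equals,Duplicate
"""

SERVER_ASSIGNED = ("id", "uuid")  # identifiers the server issues; never re-send them


def build_payloads(template, csv_text, existing_names=()):
    """Return (payloads, rejected) built from the template and the CSV rows."""
    seen = set(existing_names)
    payloads, rejected = [], []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        name = (row.get("name") or "").strip()
        if not name or name in seen:
            rejected.append((line_no, "empty name" if not name else "duplicate name"))
            continue
        seen.add(name)
        rule = copy.deepcopy(template)  # keep the template itself untouched
        for key in SERVER_ASSIGNED:
            rule.pop(key, None)
        rule["name"] = name
        rule["conditions"] = [{k: row[k].strip() for k in ("field", "method", "value")}]
        payloads.append(rule)
    return payloads, rejected


def import_rules(payloads, post, dry_run=True):
    """Send each payload through `post` (caller-supplied); return how many were sent."""
    if dry_run:
        return 0
    for rule in payloads:
        post(rule)
    return len(payloads)
```

Review the `rejected` list and the dry-run payloads before passing a real `post` function, since a bulk import of automation rules changes how every matching incident is handled.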