It just means that searches which are used for Retention buckets will not be exported (and therefore not imported). You will need to re-create Retention bucket settings manually on the target system if required.
Original Message:
Sent: Mon May 27, 2024 08:03 AM
From: Vedran Zulin
Subject: Migrating rules and dependencies from an All-In-One to a distributed environment?
Hi John,
thanks a lot - I'll certainly have a look at Jose's videos!
Meanwhile, while executing the following command:
./contentManagement.pl --action export -c all
I got dozen of "[INFO] Found a search that is pertaining to the Retention Policy. We currently and temporarily do not support export or import of that content as a better solution from the ground up is scheduled to worked on very soon." errors back.
Any workaround (and/or an explanation) for this?
Thanks again,
kind regards
------------------------------
Vedran Zulin
Original Message:
Sent: Mon May 27, 2024 07:00 AM
From: John Dawson
Subject: Migrating rules and dependencies from an All-In-One to a distributed environment?
Hi Vedran
Jose Bravo has a series of videos on this
https://www.youtube.com/watch?v=MBoaYUZCnZQ
There should be no differebce in filesystem-level permissions.
You may also need to consider any CEP's used in the rules/BB's which are being migrated.
Thanks
------------------------------
John Dawson
Qradar Support Architect
IBM
Original Message:
Sent: Sun May 26, 2024 05:41 AM
From: Vedran Zulin
Subject: Migrating rules and dependencies from an All-In-One to a distributed environment?
Hi all,
has anyone tried to migrate rules, BBs (and dependencies) from an All-In-One (Playground) to a distributed (Pre/prod) environment?
Any thoughts on feasibility, what to watch out for (filesystem-level permissions which may be different?) etc. would be greatly appreciated.
There are a few docs available on how this should work (by using the CMT tool etc.), however I`d still like to hear real world experiences... :)
QRadar: How to export current Custom Rules and Building Blocks to a CSV
QRadar: Best practices when using the Content Management Tool to export custom data
Importing content by using the content management script
Many thanks in advance!
------------------------------
Vedran Zulin
------------------------------