IC SunsetThe developerWorks Connections platform will be sunset on December 31, 2019. On January 1, 2020, this forum will no longer be available. More details available on our FAQ.
Topic
  • 3 replies
  • Latest Post - ‏2013-10-24T17:35:44Z by Aaron_Breen(IBM)
SystemAdmin
SystemAdmin
683 Posts

Pinned topic Q: a way of transporting BB and Rules between dev/QA and Production?

‏2011-11-02T11:37:39Z |
Hello,

is there is way to transport Rules and Building Blocks between QA/Dev Qradar instances and Production? Would i want to do is to develop on non-production instances, do majority of research there and transport to production, followed by some limited testing and further tuning.

Any ideas on exporting/importing rules are welcome, scripting is not a problem.

-J.-------Posted BY Jakub Wartak
  • KKadow
    KKadow
    1 Post

    Re: Q: a way of transporting BB and Rules between dev/QA and Production?

    ‏2013-10-22T17:30:23Z  

    I noticed Import/Export was listed as a feature for the 7.1 release, but I don't see an easy option to actually do this in either 7.1 or 7.2?

     

    Is there a reasonable mechanism for exporting and importing rules and/or building blocks between two QRadar systems both running v7.2p2?

  • Nikodim
    Nikodim
    32 Posts

    Re: Q: a way of transporting BB and Rules between dev/QA and Production?

    ‏2013-10-23T14:46:25Z  
    • KKadow
    • ‏2013-10-22T17:30:23Z

    I noticed Import/Export was listed as a feature for the 7.1 release, but I don't see an easy option to actually do this in either 7.1 or 7.2?

     

    Is there a reasonable mechanism for exporting and importing rules and/or building blocks between two QRadar systems both running v7.2p2?

    There's a CMT (Content Management Tool) available both in QRadar 7.1 and 7.2.

    You can export and import basically all security content:

    • Dashboards
    • Reports
    • Saved Searches
    • Reference Sets
    • Custom and Calculated Properties
    • Custom Rules and Building Blocks
    • Groups

    Check the attached document for details (from QR 7.1).

  • Aaron_Breen(IBM)
    Aaron_Breen(IBM)
    150 Posts

    Re: Q: a way of transporting BB and Rules between dev/QA and Production?

    ‏2013-10-24T17:35:44Z  
    • Nikodim
    • ‏2013-10-23T14:46:25Z

    There's a CMT (Content Management Tool) available both in QRadar 7.1 and 7.2.

    You can export and import basically all security content:

    • Dashboards
    • Reports
    • Saved Searches
    • Reference Sets
    • Custom and Calculated Properties
    • Custom Rules and Building Blocks
    • Groups

    Check the attached document for details (from QR 7.1).

    CMT is not a supported tool in 7.1 or current 7.2. It was a pre-release to the services group and a specific set of customers. We found issues which are scheduled for the next release. Please refrain for using this until you see it in the release notes and official documentation page