Configuring IBM QRadar rules

Create IBM QRadar rules to trigger alerts on important events.

Complete the following steps to create the rules:

  1. Select and open the target event.

  2. Find some unique properties of the target event. For example, QID is unique for a particular event type.

  3. Navigate to rules: Offenses > Rules.

  4. Click Action > New Event Rule.

  5. Give a unique name to the rule in the Apply section.

  6. Add the appropriate unique conditions to a rule to trigger the event you want.
  7. Click Next.

  8. Apply the Rule Action, Rule Response, and Response Limiter.

  9. Click Next to review the rule.

  10. Click Finish.

  11. Find all created rules under the Rules tab. You can put the created rules in a different group.