Visualize the rules and building blocks that are used in IBM® QRadar®. After you organize the rule report, you can visualize the data through relationship graphs and coverage maps, and export the data to share with others.
Procedure
- To show or hide the visualization pane, click the eye icon. Zoom in or out to see the relationships of rules or building blocks and their dependencies. Depending on the number of items, the graph visualizes a portion of the results.
- To get better results, refine the search by using the filters.
- To ensure that you're visualizing up-to-date content, refresh the rules with content from QRadar. The default refresh interval is every 15 minutes.
  For example, you install a new content extension and want to see the data right away, rather than wait for the next refresh interval.
- To expand the visualization pane to the width of your screen, click the maximize icon on the menu bar of the pane. Zoom in or out to focus on details.
Important: The zoom capability is not supported on Mozilla Firefox. Use the browser
control to zoom in and out.
- To switch between visualization charts, click View
visualization charts and select from Relationship graph,
MITRE ATT&CK, or Current and potential log source type
coverage. For more information about log source type coverage, see Visualizing log source type coverage per rule.
What to do next
Exporting rules