Enabling X-Force rules in IBM QRadar

By adding the IBM Security Threat Content application to your QRadar system, X-Force rules are added to the Rules List. The rules must be enabled before you can use them.

1. Click the Log Activity tab.
2. On the toolbar, click Rules > Rules.
3. From the Group menu, click Threats.

   The Group column might show both legacy and enhanced rules. By default, X-Force legacy rules are disabled. However, you might see legacy rules that are enabled. Use the newer enhanced rules in the Threat group, and not the legacy rules that use the remote nets.

4. Select the X-Force rules in the Threat group and click Actions > Enable/Disable.