Export rule data in CSV, XML, or HTML formats. Use CSV format to further process rule data or view it in Excel. Export rules in HTML format to view offline. Use XML format so that you can import the rule data into another QRadar® deployment. Export rules with MITRE and custom rule attribute mappings. You can also create a manifest.txt file that is added to the exported .zip file. Export rules to a formatted HTML report that can be viewed offline.
About this task
- On the Use Case Explorer page, pick one of the following
- To export all the rules in the table report, click the Download icon in the menu bar.
- To export selected rules in the table report, click the pencil icon in the report table to display checkboxes for each table row. Then, select the relevant rules or building blocks that you want to export, and click Export selected rules.
- To export rule data in the report to CSV format that you can further
process or view in Excel, select the first option in the Export window, and
enter a name for the CSV file. If you want to adjust the content to export, use the option to control column visibility and order (gear icon) on the report view.
- To export rules and their dependencies, such as custom properties and
reference sets, to an XML file for importing into another QRadar deployment, select the
second option in the Export window. By default, the
checkboxes for exporting MITRE mappings and for custom rule attribute mappings are enabled if the
rules contain the mappings. The exported files are generated concurrently in a
Tip: You import the XML file as a content extension in another QRadar deployment. For more information, see Installing extensions by using Extensions Management.
- Click Next.
- To create a manifest.txt file that is added to the exported
.zip file, select the Include manifest.txt checkbox. The
manifest file contains the extension name (mandatory), author (mandatory), description, unique ID,
version, and support email information. These fields appear in the Extensions
Management page when you import the file in another QRadar deployment.
If you export more rules and use the same extension name and unique ID in the manifest.txt file, there is one entry in the Extensions Management window upon import.
- To export rules to a formatted HTML report that you can view offline,
select the third option in the Export window. By default, the dependencies,
dependents, and visualizations for the selected rules are included in the exported
.zip file. Share the .zip file with colleagues or
management who don't have access to QRadar or QRadar Use Case
Manager. The exported HTML file includes instructions on how to use the exported report.
- Click Export.