Use case: Monitor policies for violations

IBM® QRadar® Risk Manager can continuously monitor any predefined or user-generated question in Policy Monitor. You can use monitor mode to generate events in QRadar Risk Manager.

When you select a question to be monitored, QRadar Risk Manager analyzes the question against your topology every hour to determine if an asset or rule change generates an unapproved result. If QRadar Risk Manager detects an unapproved result, an offense can be generated to alert you about a deviation in your defined policy. In monitor mode, QRadar Risk Manager can simultaneously monitor the results of 10 questions.