Uploading files to cases

As an administrator, you can upload external packet capture (pcap) files and documents, such as spreadsheets, text files, and image files, to IBM QRadar Incident Forensics Case Management.

The following file types are supported:
  • HyperText Markup Language
  • XML and derived formats
  • Microsoft Office document formats
  • OpenDocument Format
  • Portable Document Format
  • Electronic Publication Format
  • Rich Text Format
  • Compression and packaging formats
  • Text formats
  • Audio formats
  • Image formats
  • Video formats
  • Java™ class files and archives
  • The mbox format

Case Management restricts both the number of files that you can add to a case and the maximum file size.

Procedure

  1. On the navigation menu ( Navigation menu icon ), click Admin.
  2. In the Forensics section, click Case Management.
  3. Select a case.
    • To add external files to an existing case, select the case from the Cases list.
    • To add files to a new case, click Add New Case.
      Restriction: Case names cannot contain spaces.
  4. From the Upload to Host list, select the managed host that you want to process the files.
  5. To add pcap files or other document types, choose one of the following methods:
    • Click Add files, select the files, and click Start upload.
    • Drag the files to the upload box.

    After the upload is complete, the files are listed in the Collections list.