From the Log Activity, Network
Activity, and Offenses tab, you
can configure rules or building blocks.
Procedure
-
Click the Offenses tab.
-
Double-click the offense that you want to investigate.
-
Click .
-
Double-click
a rule.
You can further tune the rules. For more information about tuning rules, see the IBM
QRadar Use Case Manager app documentation.
-
Close the Rules wizard.
The Creation Date property changes to the date and time when you last
updated a rule.
-
In the Rules page, click Actions.
- Optional:
If you want to
prevent the offense
from being removed from the database after the offense retention period
is elapsed, select Protect Offense.
- Optional:
If you want to assign the offense to a IBM
QRadar user, select
Assign.