Configuring rules

From the Log Activity, Network Activity, and Offenses tab, you can configure rules or building blocks.

Procedure

  1. Click the Offenses tab.
  2. Double-click the offense that you want to investigate.
  3. Click Display > Rules.
  4. Double-click a rule.

    You can further tune the rules. For more information about tuning rules, see the IBM QRadar Use Case Manager app documentation.

  5. Close the Rules wizard.

    The Creation Date property changes to the date and time when you last updated a rule.

  6. In the Rules page, click Actions.
  7. Optional: If you want to prevent the offense from being removed from the database after the offense retention period is elapsed, select Protect Offense.
  8. Optional: If you want to assign the offense to a IBM QRadar user, select Assign.