Mapping custom properties
To enhance the offense analysis, you must map your IBM® QRadar® custom properties to the QRadar Advisor with Watson™ app property names.
Before you begin
You must have QRadar administrator privileges to map properties.
Starting with version 2.5.0, suggested property mapping are provided for you to add. For more information, see Mapping custom properties in V2.5.0 and later.
About this task
Procedure
Example
What to do next
Mapping custom properties in V2.5.0 and later
Map your custom properties to the QRadar Advisor with Watson app property names for a better analysis of your offenses.
About this task
Suggested Properties are discovered on the system when you first configure the Property Mapping screen. Results are cached for 15 minutes, and then, after that time, the suggested properties are updated when you return to the Configuration wizard. Tip: If anything changes in your environment in the future and new properties are discovered, you can return to the Property Mapping section in the Configuration wizard to review newly suggested properties and then save the properties.
Note: When you first configure the Property Mapping screen, you must review any suggested properties and then click Save properties before you can proceed to the next step. If no properties are suggested, then you can proceed without saving.