Using custom rules & rule responses to forward data
Use the Custom Rule wizard to configure forwarding of event data
that matches rules in your system. Configure the rule response to forward event data to one or more
forwarding destinations.
About this task
The criteria that determines the event data that is sent to a forwarding destination is based on the tests and building blocks that are included in the rule.
When the rule is configured and enabled, all event data that matches the rule tests are automatically sent to the specified forwarding destinations. For more information about how to edit or add a rule, see the IBM QRadar User Guide for your product.
Procedure
- Click the Offenses or Log Activity tab.
- On the Rules menu, select Rules.
- In the Rules List window, select the rule to edit, or click Actions to create a new rule.
- On the Rule Response page in the Rule wizard, ensure that you select the Send to Forwarding Destinations option.