The QRadar Use Case Manager application allows administrators to evaluate and tune specific portions of QRadar, review rule coverage, and more. Administrators who want the Use Case Manager to evaluate rules must export their rules from QRadar using the generate-rules-script.sh utility. This utility generates an XML copy of the current QRadar rule set and can be automated so the administrators can import the information in to the QRadar Use Case Manager application to keep their rules up-to-date with the latest changes.
Was this topic helpful?
25 October 2019