QRadar: How to export current Custom Rules and Building Blocks to a CSV

Some users might need to export their full set of Custom Rules and Building Blocks for change management, reporting, or compliance purposes.


QRadar™ provides two options for exporting the deployment's current Custom Rules and Building Blocks.
Option #1 - Use Case Manager
The QRadar Use Case Manager app, which is installed by default as of version 7.4.1, provides options for generating filtered reports on Rule configuration.
Exporting Rule information to CSV using Use Case Manager
Option #2 - Command line
A support script, /opt/qradar/support/, exports the entire rule set to a tab-delimited file that can then be imported into a spreadsheet program of your choosing.


To export the full Rule set (all Custom Rules and Building Blocks) using
1. Use SSH to log on to the Console as the root user.
2. Use the /opt/qradar/support/ script to export your full rule set to a tab-delimited file:
/opt/qradar/support/ -o <myOutputFile.tsv>
Note: If a full path is not specified for the output file, the output file is written to the current working directory.
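
For the change-management use mentioned above, two tab-delimited exports taken at different times can be compared and the differences written out as CSV. The following is an added example, not part of the IBM support script; it assumes the export has a header row and a column that uniquely identifies each rule, and the column names and sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not the script's real header.
OLD_EXPORT = (
    "Rule name\tType\tEnabled\tNotes\n"
    "BB: Example Hosts\tBuilding Block\ttrue\tservers, lab\n"
    "Example Login Failures\tRule\ttrue\tthreshold 5\n"
    "Example Old Rule\tRule\ttrue\t\n"
)
NEW_EXPORT = (
    "Rule name\tType\tEnabled\tNotes\n"
    "BB: Example Hosts\tBuilding Block\ttrue\tservers, lab, dmz\n"
    "Example Login Failures\tRule\tfalse\tthreshold 5\n"
    "Example New Rule\tRule\ttrue\t\n"
)

def load_export(text, key_column):
    """Parse one tab-delimited export into {key value: row dict}; quotes are literal data."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    if key_column not in (reader.fieldnames or []):
        raise ValueError(f"no column {key_column!r} in header {reader.fieldnames}")
    rows = {}
    for row in reader:
        if row[key_column] in rows:
            raise ValueError(f"duplicate key {row[key_column]!r}; pick a unique column")
        rows[row[key_column]] = row
    return rows

def diff_exports(old_text, new_text, key_column):
    """Return (rule, change, column, detail) tuples describing what differs."""
    old, new = load_export(old_text, key_column), load_export(new_text, key_column)
    changes = []
    for key in sorted(old.keys() | new.keys()):
        if key not in old or key not in new:
            changes.append((key, "added" if key in new else "removed", "", ""))
            continue
        for col, before in old[key].items():
            if before != new[key].get(col):
                changes.append((key, "changed", col, f"{before} -> {new[key].get(col)}"))
    return changes

def changes_to_csv(changes):
    """Render the change list as CSV; csv.writer quotes fields that contain commas."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["rule", "change", "column", "detail"])
    writer.writerows(changes)
    return buf.getvalue()
```

To use it on real exports, read each saved file with `open(path, newline="", encoding="utf-8").read()` and pass the name of the column that uniquely identifies a rule in your file.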

01 June 2023