QRadar: Building Block of type Common will not reflect flows when added to System: Load Building Blocks

Question & Answer

Question

Will a building block of type: Common work when added to 'System: Load Building Blocks'?

Answer

The rule, System: Load Building Blocks is an Event only rule. If a building block is created from Type: Common, which includes both Events and Flows, and is then added to the System: Load Building Blocks rule, it will load, but will only reflect Event offenses and not Flow offenses. Flow offenses can be triggered when using Flow rules, which are then bound to the building block used in a Flow rule.

Note: To use a type Common Building Block in a rule you need to apply it to a type Common Rule.
Rules of the type Common are used when Flows and Events need to be tested together in the same test, in sequence, in the same test group.

[{"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"Offense Manager","Platform":[{"code":"PF016","label":"Linux"}],"Version":"Version Independent","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

QRadar: Building Block of type Common will not reflect flows when added to System: Load Building Blocks

Question & Answer

Question

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?