Report Column Codes for Report APIs
Use the report column codes listed in the tables below with the following APIs: POST /api/rules_explorer/{reportId}/download_csv, POST /api/rules_explorer/{reportId}/download_json, or GET /api/rules_explorer/{reportId}/result.
Rule Attribute Columns
The following table describes the codes to use in the API for each report column.
Report column name | Code |
---|---|
Rule_ID | ID |
Rule_UUID | UUID |
Attribute_Name | N |
Attribute_Rule | R |
Attribute_Enabled | EN |
Attribute_Action | A |
Attribute_Response | RE |
Attribute_Creation_Date | CD |
Attribute_Modification_Date | MD |
Attribute_Group | GR |
Attribute_Type | T |
Attribute_Notes | NO |
Attribute_Offense_Type | OT |
Attribute_Triggered | TG |
Attribute_First_Triggered | FTG |
Attribute_Last_Triggered | LTG |
Test_Definition | TD |
Event_Name | E |
Event_Description | ED |
Low_Level_Category | LLC |
Rule_Category | RC |
Rule_Origin | RO |
Response_Details | RED |
Action_Details | AD |
UBA_Risk | URSK |
Content Extension Columns
The following table describes the codes to use in the API for each report column.
Report column name | Code |
---|---|
Not_Installed_CE | NI |
Content_Extension_name | CEN |
Content_Extension_Category | CEG |
Test Columns
The following table describes the codes to use in the API for each report column.
Report column name | Code |
---|---|
Log_Source_Type | LST |
IP | IPC |
Port | PR |
Reference_Set | RS |
Reference_Set_With_Number_Of_Elements | RSS |
Xforce | XF |
Network_Hierarchy | NH |
Network_Hierarchy_And_Context | NHC |
Network | NT |
End_Point | EP |
Custom_Property | CP |
Domain | DOM |
Reference_Data | RD |
Log_Source | LS |
QID_IDs | QID |
Category_IDs | CAT |
Errors | ER |
GEO | GEO |
Ariel_Search | ARL |
Threshold | THR |
Log_Source_Group | LSG |
Log_Source_Type_ID | LST_ID |
Log_Source_Type_RO | LST_RO |
MITRE Columns
The following table describes the codes to use in the API for each report column.
Report column name | Code |
---|---|
Tactic | TAC |
Technique | TEC |
Sub_Technique | STEC |
Tactic_RO | TAC_RO |
Sub_Technique_RO | STEC_RO |
Mapping_Enabled | MAP_EN |
Mapping_Confidence | MAP_C |
Tactic_ID | TAC_ID |
Technique_ID | TEC_ID |
Sub_Technique_ID | STEC_ID |
Mapping_Source | MAP${SOURCE_COLUMN_SUFFIX} |