Configuring the Use Case Explorer in QRadar Use Case Manager

The Use Case Explorer uses QID records and DSM event-mapping information to help determine rule coverage by log source type. The Use Case Explorer loads automatically, but you can refresh the settings at any time.

  1. On the Admin tab, click QRadar Use Case Manager > Configuration.
  2. To sync with the data in QRadar, click Sync QID Records. This process might take approximately 30 minutes to complete. You can still use the app while the records are syncing, but the data you work with might not be accurate.
  3. To manually refresh event mappings, click Sync DSM event mappings.

    When you install the app for the first time, it automatically syncs after installation. If you upgrade to QRadar Use Case Manager 2.0.0 or later, you don't need to sync.

  4. To back up your MITRE mappings (custom and IBM default), click Export MITRE mappings. You can then import this backup file later on the Use Case Explorer page.

    Only the custom mappings are imported from the file.

  5. If you're upgrading to QRadar Use Case Manager 3.1.0 or later, you might see a section called Report on migration from MITRE v6.3 to v8.x. This report appears if the previous version of the app contained MITRE mappings that are now deprecated with the support for MITRE v8.1. All custom mappings that were created in previous versions of the app are automatically migrated to the new version. Mappings to techniques that are now deprecated or don't exist under a particular tactic are deleted and included in the migration report. Consider creating new mappings for these rules.

    When you've noted the mappings that are affected, you can click Clear migration report to permanently remove the report notification. Non-administrative users can see the migration report notification on the Use Case Explorer page.

  6. To configure a proxy server, expand the Proxy configuration section and enter the following information for your proxy server:
    • Protocol
    • Address or hostname
    • Port
    • Username
    • Password

  7. Click Save and then close the Settings page.