Visualizing Rules and Building Blocks

Visualize the rules and building blocks that are used in IBM QRadar. After you organize the rule report, you can visualize the data through relationship graphs and coverage maps, and export the data to share with others.

  1. To show or hide the visualization pane, click the eye icon. Zoom in or out to see the relationships of rules or building blocks and their dependencies. Depending on the number of items, the graph visualizes a portion of the results.
  2. To get better results, refine the search by using the filters.
  3. To ensure that you're visualizing up-to-date content, refresh the rules with content from QRadar. The default refresh interval is every 15 minutes.

    For example, you might install a new content extension and want to see the data right away, rather than waiting for the next refresh interval.

  4. To expand the visualization pane to the width of your screen, click the maximize icon on the menu bar of the pane. Zoom in or out to focus on details.
    Note: The zoom capability is not supported on Mozilla Firefox. Use the browser control to zoom in and out.

  5. To switch between visualization charts, click View visualization charts and select from Relationship graph, MITRE ATT&CK, or Current and potential log source type coverage. For more information about log source type coverage, see Visualizing Log Source Type Coverage per Rule.