Reporting on policy questions
I have submited a policy question on device/rules in Risk Manager. Results are returned, however I cannot see an opton for saving this results or exporting them as I need to report on them. What is the best way to work around this? The export option is available for the Policy questions only...
This dW Answers question is about an IBM document with the Title:
QRadar Technote Index
Hi Kga, Most of the default risk-manage reports are on the reports tab, like, firewall rules report and such, if there's an embedded report on policy questions it should be there, however if not, you can create a customized report following the steps on section 9 of this guide: https://www.google.com/url?sa=t&source=web&rct=j&url=ftp://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.1/QRM/EN/b_qrm_ug.pdf&ved=0ahUKEwih--qbr_vRAhVISCYKHU9KBFUQFggjMAM&usg=AFQjCNEyM0mol8SFLOjXgW6D2HGblnAlVw&sig2=i1KbdTzptkTzlckJ8duLJQ
Hi Bruno
My issue with the Qradar Risk ports is that they are very restrictive. For example, on the Device rules, you can create a report on the following: Most used accept rules, Most used deny rules, Least used accept, Least used deny rules, Shadowed rules, Unused object rules. I do not want to report on such. I want to report on the results of my policy question. So if I had an option to save this results it would be eaiser to call the search in my report. Not sure if I'm clear?