I have submitted a policy question on device/rules in Risk Manager. Results are returned; however, I cannot see an option for saving these results or exporting them, as I need to report on them. What is the best way to work around this? The export option is available for the Policy questions only...
This dW Answers question is about an IBM document with the Title:
QRadar Technote Index
Answer by Bruno S Silva (461) | Feb 06, 2017 at 05:35 AM
Hi Kga, most of the default risk-manage reports are on the Reports tab, like the firewall rules report and such. If there's an embedded report on policy questions, it should be there; however, if not, you can create a customized report following the steps in section 9 of this guide: https://www.google.com/url?sa=t&source=web&rct=j&url=ftp://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.1/QRM/EN/b_qrm_ug.pdf&ved=0ahUKEwih--qbr_vRAhVISCYKHU9KBFUQFggjMAM&usg=AFQjCNEyM0mol8SFLOjXgW6D2HGblnAlVw&sig2=i1KbdTzptkTzlckJ8duLJQ
Answer by Kgalisto (3) | Feb 07, 2017 at 03:11 AM
Hi Bruno
My issue with the QRadar Risk ports is that they are very restrictive. For example, on the Device rules, you can create a report on the following: Most used accept rules, Most used deny rules, Least used accept, Least used deny rules, Shadowed rules, Unused object rules. I do not want to report on such. I want to report on the results of my policy question. So if I had an option to save these results, it would be easier to call the search in my report. Not sure if I'm clear?