Export Event Mappings with Custom DSM

Once you have created your QIDmap entries, you can map them to your events by using the DSM editor, and export them through the export option.

  1. Login to QRadar.

  2. Click on Admin.

  3. Click on the DSM editor option.

  4. Select the created log source, search for "Thy".

  5. Click Select.

  6. Click Export.

  7. Enter in the required details.

  8. Click Export.

  9. The zip will be downloaded.

Search for your DSM using the ContentManagement Tool

Enter the following command:

[root\@qradar \~]\# /opt/qradar/bin/contentManagement.pl --action search --content-type 24 --id all --regex "\\w" \|grep Secret

Export the Custom Mappings

Enter the following command: 

[root\@qradar \~]\# /opt/qradar/bin/contentManagement.pl -a export -c all
/opt/qradar/bin/contentManagement.pl -a export -c sensordevicetype -i 4001

Results

tagtag

  1. Rename the zip file to MyExport.zip.

  2. On the new QRadar install, copy the .zip file and re-import it.

    Enter the following command:

    [root\@qradar \~]\# /opt/qradar/bin/contentManagement.pl --action import --file MyExport.zip