I recently had a request which had me pulling my hair out (it's not like I have any). The request to dump all of the QRadar rules. Having looked at the "custom_rule" table, I thought I may be able to do this. I then focused in on the "rule_data" field, only to find this information is in a manner which I could not even figure out the best way to parse.
While IBM did not have a way to do this, I was however, pointed to a location which may be helpful ... and it was very helpful. I assume, someone else may have a similar request in the future and thought I should post output here to retrieve a dump of all the rules.
The following commands will dump all rules and building blocks.
psql --username=qradar --no-align --command="SELECT rule_data FROM custom_rule" | grep "^<?xml" | sed --expression 's/<notes\/>/<notes><\/notes>/' --expression='s/.*<name>\(.*\)<\/name><notes>\(.*\)<\/notes>.*/"\1","\2"/' | sort > qradar.rules.csv
For additional information you can visit