Uploaded by fabio.giugliano

NetHierMgmt-v1.0.1

Network Hierarchy Management for QRadar
v1.0.1
Table of Contents
OVERVIEW
SUPPORT
INSTALLING
  INSTALL STEPS
  UNINSTALL STEPS
UPGRADING
NETWORK HIERARCHY BACKUPS
  TAKE A NETWORK HIERARCHY BACKUP
  DELETE A NETWORK HIERARCHY BACKUP
  RESTORE A NETWORK HIERARCHY BACKUP
  DOWNLOAD A NETWORK HIERARCHY BACKUP
  EDIT A NETWORK HIERARCHY BACKUP
NETWORK HIERARCHY IMPORT
  IMPORT A CSV
Overview
IBM® Security QRadar® uses the network hierarchy to understand your network traffic and provide you with
the ability to view activity for your entire deployment.
The network hierarchy does not need to resemble the physical deployment of your network. QRadar supports
any network hierarchy that can be defined by a range of IP addresses. You can organize your network and
systems on many different variables, including geographical or business units, role, or similar traffic patterns.
Using this organization, you can differentiate network behavior and enforce network management security
policies. QRadar considers all networks in the network hierarchy as local. Keep the network hierarchy up to
date to prevent false offenses.
Use this app to back up, import, export, and restore the QRadar network hierarchy using CSV files that are
editable as spreadsheets.
Note: this app will not back up and restore the geolocation feature added to the Network Hierarchy in
QRadar version 7.3.1.
Support
This app has been created by the IBM QRadar Product Professional Services (PPS) team and has been tested
by IBM PPS and beta customers prior to release on the App Exchange. It is provided for your use on an as-is
basis. Questions about this app can be posted on the IBM Customer Forum; however, IBM PPS does not
warrant that any defects will be corrected. Development and customization of this app for your environment
is provided by the Services team. Please contact the email address secpps@us.ibm.com for additional
information.
Installing
Install Steps
PROCEDURE
1. On the Admin tab, click Extension Management.
2. In the Extension Management window, click Add and select the QRadar Network Hierarchy
Management archive file.
3. Select the Install immediately check box, if you want QRadar to install the app immediately. Before the
app is installed, a preview list of the content items is displayed.
4. To preview the contents of an App after it is added and before it is installed, select it from the list of
extensions, and click More Details. Expand the folders to view the individual content items in each
group.
After installation is complete you will see a Network Hierarchy Management icon added under the QRadar
Admin tab.
Uninstall steps
PROCEDURE
1. On the Admin tab, click Extension Management.
2. On the INSTALLED tab of the Extension Management window, select your app and click Uninstall.
When you uninstall an app, it is removed from the system. If you want to reinstall it, you must add it again.
Upgrading
PROCEDURE
1. On the Admin tab, click Extension Management.
2. In the Extension Management window, click Add and select the QRadar Network Hierarchy
Management app archive file.
3. At the prompt, select Overwrite. All of your existing QRadar Network Hierarchy configuration remains
intact.
When the upgrade is complete, clear your browser cache and refresh the browser window before you use the
app.
Network Hierarchy Backups
The Backup feature lets you save backups of the currently deployed network hierarchy in QRadar and track
versions of it. These backups are stored locally in the app. You can download the backups in CSV format,
or restore them (i.e. deploy them to the network hierarchy).
Take a Network Hierarchy Backup
You can take a backup of the currently deployed network hierarchy in QRadar.
PROCEDURE
1. On the Admin tab, click the QRadar Network Hierarchy icon in the Plug-ins section.
2. Click on the Backup button under the Backup section.
3. Enter a name for the backup. This is a short descriptive name to help you remember the state of the
network hierarchy at the time of this backup.
4. (Optional) Enter a description for the backup. This field allows you to add longer notes on the state of
the network hierarchy at the time of this backup.
5. Click Save.
The new backup should be displayed in the table.
Delete a Network Hierarchy Backup
PROCEDURE
1. On the Admin tab, click the QRadar Network Hierarchy icon in the Plug-ins section.
2. On the row of the backup you wish to delete, click the trash icon.
3. Click Delete in the confirmation dialog.
The backup should now be removed from the table.
Restore a Network Hierarchy Backup
You can restore a backup you took of the network hierarchy back to QRadar. Using this feature will overwrite
the currently deployed network hierarchy in QRadar with the data from the backup you choose.
PROCEDURE
1. On the Admin tab, click the QRadar Network Hierarchy icon in the Plug-ins section.
2. On the row of the backup you wish to restore, click the restore icon.
3. Click Restore in the confirmation dialog.
4. On the Admin tab, click Deploy Changes to apply the changes.
You can verify the network hierarchy was restored by clicking the Network Hierarchy icon under the Admin
tab and reviewing it.
Download a Network Hierarchy Backup
PROCEDURE
1. On the Admin tab, click the QRadar Network Hierarchy icon in the Plug-ins section.
2. On the row of the backup you wish to download, click the download icon.
3. Save the file with a .csv extension to your computer.
You can view the network hierarchy by opening the CSV file using software such as Microsoft Excel.
Edit a Network Hierarchy Backup
You can modify the Backup Name and Backup Description of a backup.
PROCEDURE
1. On the Admin tab, click the QRadar Network Hierarchy icon in the Plug-ins section.
2. On the row of the backup you wish to edit, click the edit icon.
3. Enter a new name for the backup. This is a short descriptive name to help you remember the state of the
network hierarchy at the time of this backup.
4. Enter a new description for the backup. This field allows you to add longer notes on the state of the
network hierarchy at the time of this backup.
5. Click Save.
The edits you made should now be reflected on the backup displayed in the table.
Network Hierarchy Import
The Import feature allows you to update the QRadar network hierarchy using a comma-separated value (CSV)
file. The required columns in the file are: 'GROUP', 'NAME', 'CIDR', 'DESCRIPTION', 'DOMAIN'.
• GROUP: the parent under which to place this network hierarchy object. If you want to nest the
network hierarchy under multiple levels, separate the levels with a period character. For example, if
you want to create the hierarchy US >> Dallas, the group will be called “US.Dallas”. Once this is
deployed, the network hierarchy will display two levels.
• NAME: the name of this network hierarchy object. This is a name descriptive of the CIDR ranges it will
hold. For example, “DataCenter”.
• CIDR: the network range that identifies this network hierarchy object. If you want to add more than
one CIDR to the same object, add another row(s) in your CSV with the same GROUP, NAME, and
DESCRIPTION and add your additional CIDR range(s) to those rows.
• DESCRIPTION: a short description of this network hierarchy object.
• DOMAIN: the name of the QRadar Domain to assign this object. If you do not use the Domains feature
in QRadar, use “Default Domain”. Note: a parent network hierarchy object can only be in one domain.
For example, if your network hierarchy has a parent called “US”, and under it you have “Dallas” and
“Austin”, both “Dallas” and “Austin” have to use the same domain.
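A pre-import check for the column rules above, as an added example (not part of the app or of IBM's documentation). The sample rows are constructed; treating the first GROUP level as the parent and rejecting CIDRs with host bits set are assumptions of this sketch, not documented app behavior.

```python
import csv
import io
import ipaddress
from collections import defaultdict

REQUIRED = ["GROUP", "NAME", "CIDR", "DESCRIPTION", "DOMAIN"]

# Constructed sample input with three deliberate mistakes (lines 4, 5 and 6).
SAMPLE_CSV = """GROUP,NAME,CIDR,DESCRIPTION,DOMAIN
US.Dallas,DataCenter,10.10.0.0/16,Dallas data center,Default Domain
US.Dallas,DataCenter,10.11.0.0/16,Dallas data center,Default Domain
US.Austin,Office,10.20.0.0/24,Austin office,Engineering
EU.Paris,Lab,10.30.1.5/24,Paris lab,Default Domain
EU.Paris,Lab,10.31.0.0/16,Paris test lab,Default Domain
"""

def validate_hierarchy_csv(text):
    """Return a list of problems found; an empty list means the file passed."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return ["missing required column(s): " + ", ".join(missing)]
    problems = []
    parent_domains = defaultdict(set)  # first GROUP level -> domains used
    descriptions = defaultdict(set)    # (GROUP, NAME) -> descriptions used
    for line_no, raw in enumerate(reader, start=2):
        # Short rows yield None values; normalise them to empty strings.
        row = {k: (v or "").strip() for k, v in raw.items() if k}
        try:
            # Assumption: strict=True rejects host bits, e.g. 10.30.1.5/24.
            ipaddress.ip_network(row["CIDR"], strict=True)
        except ValueError as exc:
            problems.append(f"line {line_no}: bad CIDR ({exc})")
        # Assumption: the parent is the first period-separated GROUP level.
        parent_domains[row["GROUP"].split(".")[0]].add(row["DOMAIN"])
        descriptions[(row["GROUP"], row["NAME"])].add(row["DESCRIPTION"])
    # A parent object can only be in one domain.
    for parent, domains in sorted(parent_domains.items()):
        if len(domains) > 1:
            problems.append(f"parent {parent!r} spans domains {sorted(domains)}")
    # Extra CIDR rows for one object must repeat the same DESCRIPTION.
    for (group, name), descs in sorted(descriptions.items()):
        if len(descs) > 1:
            problems.append(f"{group}.{name}: rows disagree on DESCRIPTION")
    return problems

if __name__ == "__main__":
    for problem in validate_hierarchy_csv(SAMPLE_CSV):
        print(problem)
```

Running the check on a file before uploading it catches mistakes that would otherwise only surface after Deploy Changes, when a wrong or missing range already affects which traffic QRadar treats as local.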
Import a CSV
You can update the network hierarchy using a CSV file saved on your computer.
PROCEDURE
1. On the Admin tab, click the QRadar Network Hierarchy icon in the Plug-ins section.
2. Click the Browse button and select your file. This must be a file in a comma-separated value (CSV)
format.
3. Click Upload.
4. On the Admin tab, click Deploy Changes to apply the changes.
The network hierarchy will be updated with the contents of your file.