Credentials for accessing device configurations
In IBM® QRadar® Risk Manager, credentials are used to access and download the configuration of devices such as firewalls, routers, switches, or IPSs.
New in 7.4.1: You can configure credentials, protocols, and schedules in the Configuration Monitor in QRadar 7.4.1, fix pack 1 and later. For previous versions of QRadar, see Network device management. For more information about this change, see this technote: https://www.ibm.com/support/pages/node/6326009.
Administrators use the Configuration Monitor to input device credentials that give QRadar Risk Manager access to specific devices. Individual device credentials can be saved for a specific network device. If multiple network devices use the same credentials, you can assign credentials to a group.
You can assign the devices in your network to network groups, which group together the credential sets and address sets for those devices.
A credential set contains information such as the username and password values for a set of devices. An address set is a list of IP addresses that define a group of devices that share a set of credentials.
For example, the firewalls in your organization might have the same username and password. If so, the credentials that are associated with all the address sets for all the firewalls are used to back up device configurations for all firewalls in your organization.
If a network credential is not required for a specific device, the parameter can be left blank. For a list of required adapter credentials, see the IBM QRadar Risk Manager Adapter Configuration Guide.
Configure QRadar Risk Manager to prioritize how each network group is evaluated
The network group that is first on the list has the highest priority. The credential sets of the first network group that matches the configured IP address are included as candidates when you are backing up a device. A maximum of three credential sets from a network group are considered.
- Network group 1 contains two credential sets.
- Network group 2 contains two credential sets.
- Both credential sets in network group 1 are used because network group 1 is higher in the list.
- Only the first credential set in network group 2 is used because only three credential sets are required.
When a credential set is used to successfully access a device, QRadar Risk Manager uses that same credential set for subsequent attempts to access the device. If the credentials on that device change, the authentication fails, and for the next authentication attempt QRadar Risk Manager compiles the credentials again to ensure success.
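The selection rules described above can be modeled in a few lines. This is an added example, not QRadar Risk Manager code: the group layout, the names `candidate_credentials` and `backup_login`, the sample addresses, and the acceptance of CIDR ranges in an address set are all assumptions made for illustration.

```python
import ipaddress

MAX_CANDIDATES = 3  # the page states that at most three credential sets are considered

# Constructed sample data; list order is priority order (first = highest).
NETWORK_GROUPS = [
    {"name": "Network group 1", "addresses": ["10.0.0.0/24"],
     "credential_sets": ["fw-admin-a", "fw-admin-b"]},
    {"name": "Network group 2", "addresses": ["10.0.0.0/16"],
     "credential_sets": ["net-ops-a", "net-ops-b"]},
]

def group_matches(group, device_ip):
    """True if any entry in the group's address set covers the device IP."""
    ip = ipaddress.ip_address(device_ip)
    return any(ip in ipaddress.ip_network(a, strict=False)
               for a in group["addresses"])

def candidate_credentials(groups, device_ip, limit=MAX_CANDIDATES):
    """Walk groups in priority order and collect up to `limit` credential sets."""
    candidates = []
    for group in groups:
        if not group_matches(group, device_ip):
            continue
        for cred in group["credential_sets"]:
            if len(candidates) == limit:
                return candidates
            candidates.append((group["name"], cred))
    return candidates

def backup_login(groups, device_ip, try_login, cache):
    """Reuse the last successful credential set; after a failure, the cache is
    cleared so that the next attempt compiles the candidates again."""
    if device_ip in cache:
        if try_login(device_ip, cache[device_ip]):
            return cache[device_ip]
        del cache[device_ip]  # credentials changed on the device
        return None           # this attempt fails; the next one recompiles
    for cand in candidate_credentials(groups, device_ip):
        if try_login(device_ip, cand):
            cache[device_ip] = cand
            return cand
    return None

if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.0.9.9", "192.168.1.1"):
        print(ip, candidate_credentials(NETWORK_GROUPS, ip))
```

Listing the candidates per device in this way shows which credential sets a broad address set would make eligible for a device, which is useful when reviewing group order and address set scope.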