Network hierarchy

You can view different areas of your network that is organized by business function and prioritize threat and policy information according to business value risk.

IBM® QRadar® uses the network hierarchy to do the following tasks:

  • Understand network traffic and view network activity.
  • Monitor specific logical groups or services in your network, such as marketing, DMZ, or VoIP.
  • Monitor traffic and profile the behavior of each group and host within the group.
  • Determine and identify local and remote hosts.

When you develop your network hierarchy, consider the most effective method for viewing network activity. The network hierarchy does not need to resemble the physical deployment of your network. QRadar supports any network hierarchy that can be defined by a range of IP addresses. You can base your network on many different variables, including geographical or business units.

The objects that are defined in your network hierarchy do not have to be physically in your environment. All logical network ranges belonging to your infrastructure must be defined as a network object.

For more information, see the IBM QRadar Administration Guide.