A default network hierarchy that contains pre-defined network groups is included in IBM QRadar.
You can edit the pre-defined network hierarchy objects, or you can create new network groups or
objects.
About this task
Network objects are containers for Classless Inter-Domain Routing (CIDR) addresses. Any IP
address that is defined in a CIDR range in the network hierarchy is considered to be a local
address. Any IP address that is not defined in a CIDR range in the network hierarchy is considered
to be a remote address. A CIDR can belong only to one network object, but subsets of a CIDR range
can belong to another network object. Network traffic matches the most exact CIDR. A network object
can have multiple CIDR ranges assigned to it.
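
The matching rule described above, as an added example (not IBM code and not how QRadar is implemented): a Python sketch that enforces "one CIDR, one network object" and classifies an address as local or remote by the most exact CIDR. The object names and CIDR ranges are constructed sample data.

```python
import ipaddress

# Constructed sample hierarchy; names and ranges are illustrative only.
HIERARCHY = {
    "DMZ.Web": ["192.0.2.0/24"],
    "Corp.All": ["10.0.0.0/8"],
    # Subsets of 10.0.0.0/8 may belong to a different object.
    "Corp.Finance": ["10.20.0.0/16", "10.21.5.0/24"],
}


def build_index(hierarchy):
    """Map each CIDR to its owning object; reject a CIDR claimed by two objects."""
    index = {}
    for name, cidrs in hierarchy.items():
        for cidr in cidrs:
            # strict=False normalizes host bits so equal ranges compare equal
            # (a choice made for this example).
            net = ipaddress.ip_network(cidr, strict=False)
            if net in index:
                raise ValueError(
                    f"{net} already belongs to {index[net]}; cannot add it to {name}"
                )
            index[net] = name
    return index


def classify(ip, index):
    """Return (locality, object, cidr) using the most exact matching CIDR."""
    addr = ipaddress.ip_address(ip)
    matches = [n for n in index if n.version == addr.version and addr in n]
    if not matches:
        # Not covered by any CIDR in the hierarchy: treated as remote.
        return ("remote", None, None)
    best = max(matches, key=lambda n: n.prefixlen)  # longest prefix wins
    return ("local", index[best], str(best))


if __name__ == "__main__":
    idx = build_index(HIERARCHY)
    for sample in ("10.20.3.4", "10.1.1.1", "10.21.5.9", "198.51.100.7"):
        print(sample, classify(sample, idx))
```

Running a planned hierarchy through a check like this before you enter it shows which object an address will resolve to and which addresses fall outside every range.
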
Some of the default building blocks and rules in QRadar use the default network
hierarchy objects. Before you change a default network hierarchy object, search the rules and
building blocks to understand how the object is used and which rules and building blocks might need
adjustments after you modify the object. It is important to keep the network hierarchy, rules, and
building blocks up to date to prevent false offenses.
Procedure
- On the navigation menu, click Admin.
- In the System Configuration section, click Network Hierarchy.
- From the menu tree on the Network Views window, select the area of the network in which you want to work.
- To add network objects, click Add and complete the following fields:
| Option | Description |
| --- | --- |
| Name | The unique name of the network object. Tip: You can use periods in network object names to define network object hierarchies. For example, if you enter the object name D.E.F, you create a three-tier hierarchy with E as a subnode of D, and F as a subnode of E. |
| Group | The network group in which to add the network object. Select from the Group list, or click Add a New Group. Tip: When you add a network group, you can use periods in network group names to define network group hierarchies. For example, if you enter the group name A.B.C, you create a three-tier hierarchy with B as a subnode of A, and C as a subnode of B. Restriction: The lengths of the name and the group combined must not be more than 255 characters. |
| IP/CIDR(s) | Type an IP address or CIDR range for the network object, and click Add. You can add multiple IP addresses and CIDR ranges. |
| Description | A description of the network object. |
| Country / Region | The country or region in which the network object is located. |
| Longitude and Latitude | The geographic location (longitude and latitude) of the network object. These fields are co-dependent. |
- Click Create.
- Repeat the steps to add more network objects, or click Edit or Delete to work with existing network objects.