Defining your network hierarchy

A default network hierarchy that contains pre-defined network groups is included in IBM QRadar. You can edit the pre-defined network hierarchy objects, or you can create new network groups or objects.

About this task

Network objects are containers for Classless Inter-Domain Routing (CIDR) addresses. Any IP address that is defined in a CIDR range in the network hierarchy is considered to be a local address. Any IP address that is not defined in a CIDR range in the network hierarchy is considered to be a remote address. A CIDR can belong only to one network object, but subsets of a CIDR range can belong to another network object. Network traffic matches the most exact CIDR. A network object can have multiple CIDR ranges assigned to it.
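The matching rules described above can be checked offline before you change the hierarchy. The following sketch is an added example, not IBM code, and it does not call any QRadar API: the object names and address ranges are constructed samples, and the functions build_index and classify are hypothetical helpers. It rejects a CIDR that is assigned to two network objects, then classifies addresses as local or remote by using the most exact matching CIDR.

```python
import ipaddress

# Constructed sample hierarchy: network object name -> CIDR list.
# These names and ranges are illustrative, not QRadar defaults.
SAMPLE_HIERARCHY = {
    "DMZ.Web": ["192.0.2.0/24"],
    "Corp.Servers": ["10.0.0.0/8", "172.16.0.0/12"],
    "Corp.Servers.Database": ["10.20.30.0/24"],  # subset of 10.0.0.0/8
}


def build_index(hierarchy):
    """Map each CIDR to its single owning network object.

    Raises ValueError when the same CIDR is listed under two objects.
    A subset of a CIDR in another object is allowed.
    """
    index = {}
    for name, cidrs in hierarchy.items():
        for cidr in cidrs:
            # strict=False normalizes entries such as 10.0.0.5/8 to
            # 10.0.0.0/8 (a choice made by this example) so that
            # duplicates are compared on the real network address.
            net = ipaddress.ip_network(cidr, strict=False)
            if net in index:
                raise ValueError(f"{net} already belongs to {index[net]}")
            index[net] = name
    return index


def classify(ip, index):
    """Return ('local', object_name) for the most exact matching CIDR,
    or ('remote', None) when no CIDR in the hierarchy contains the IP."""
    addr = ipaddress.ip_address(ip)
    matches = [n for n in index if n.version == addr.version and addr in n]
    if not matches:
        return ("remote", None)
    # The longest prefix is the most exact CIDR.
    best = max(matches, key=lambda n: n.prefixlen)
    return ("local", index[best])


if __name__ == "__main__":
    idx = build_index(SAMPLE_HIERARCHY)
    for sample_ip in ("10.20.30.7", "10.1.1.1", "192.0.2.10", "8.8.8.8"):
        print(sample_ip, classify(sample_ip, idx))
```
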

Some of the default building blocks and rules in QRadar use the default network hierarchy objects. Before you change a default network hierarchy object, search the rules and building blocks to understand how the object is used and which rules and building blocks might need adjustments after you modify the object. It is important to keep the network hierarchy, rules, and building blocks up to date to prevent false offenses.

Procedure

  1. On the navigation menu, click Admin.
  2. In the System Configuration section, click Network Hierarchy.
  3. From the menu tree on the Network Views window, select the area of the network in which you want to work.
  4. To add network objects, click Add and complete the following fields:
    Option: Description
    Name: The unique name of the network object.
      Tip: You can use periods in network object names to define network object hierarchies. For example, if you enter the object name D.E.F, you create a three-tier hierarchy with E as a subnode of D, and F as a subnode of E.
    Group: The network group in which to add the network object. Select from the Group list, or click Add a New Group.
      Tip: When you add a network group, you can use periods in network group names to define network group hierarchies. For example, if you enter the group name A.B.C, you create a three-tier hierarchy with B as a subnode of A, and C as a subnode of B.
      Restriction: The lengths of the name and the group combined must not be more than 255 characters.
    IP/CIDR(s): Type an IP address or CIDR range for the network object, and click Add. You can add multiple IP addresses and CIDR ranges.
    Description: A description of the network object.
    Country / Region: The country or region in which the network object is located.
    Longitude and Latitude: The geographic location (longitude and latitude) of the network object. These fields are co-dependent.
  5. Click Create.
  6. Repeat the steps to add more network objects, or click Edit or Delete to work with existing network objects.