Discovering devices in your network

In IBM QRadar Risk Manager, use the Device Discovery screen in Configuration Monitor to add, edit, and run a defined discovery.

Before you begin

If you want to run a Discover From Check Point OPSEC device discovery, you must connect QRadar Risk Manager to the Check Point SMS. For more information, see Establishing secure communication between Check Point and IBM QRadar.

About this task

If you run a Discover with SNMP device discovery, any device that is not supported but responds to SNMP is added through the Generic SNMP adapter.

If you run a Discover From Check Point OPSEC device discovery, the default port for the CPSMS protocol is 18190.

If you run a Discover From Panorama device discovery, Palo Alto Panorama 10.2.2 is supported. To perform system-level commands, you must have the Superuser (full access) access level for Palo Alto devices that have Dynamic Block Lists. The Superuser (read-only) access level is used for all other Palo Alto devices.

To use the backup operation, run the following command:
api/?type=op&cmd=<show><devices><connected></connected></devices></show>

Procedure

  1. On the Risks tab, click Configuration Monitor > Device Discovery.
  2. On the navigation pane, click Add.
  3. In the Discovery Profile Configuration pane, select a Discovery Type.
  4. Enter the Device IP for the device.
  5. Enter the additional information for the discovery type that you selected.
    • If you selected Discover with SNMP, select the Crawl Network checkbox to search for devices in the network from the defined IP address.
    • If you selected Discover From NSM, enter a valid username and password for the Juniper Network and Security Manager (NSM) web services. For Juniper NSM web services, this user must be able to access the Juniper NSM server.
    • If you selected Discover From repository, enter a valid username and password. Select a protocol and enter a remote path.
  6. To run the discovery immediately, click Run Discovery Now. Alternatively, you can save the profile configuration and run the discovery another time.
  7. Click Save.
  8. To edit a device that is listed in the Discovery list, follow these steps:
    1. Select a device on the Discovery list, and click Edit on the navigation pane.
    2. Edit the discovery details, and select Run Discovery Now to run the discovery immediately. Alternatively, you can save the profile configuration and run the discovery another time.
  9. To search for a device, enter the IP address or name in the Device IP field and click the Search icon.
  10. To delete a device discovery job, select a device on the Discovery List, and click Delete on the navigation pane.
  11. To monitor recent activities or troubleshoot devices, use the Recent Activity page.
    You can view all information that is related to the activity, including the type, state, and progress, or investigate the log.