Configuring protocols in QRadar Risk Manager

You define protocols to obtain and update device configuration.

About this task

New in 7.4.1 You can configure credentials, protocols, and schedules in the Configuration Monitor in QRadar 7.4.1, fix pack 1 and later. For more information, see QRadar Risk Manager: Adobe Flash end of life and changes to Configuration Source Management (CSM) (https://www.ibm.com/support/pages/node/6326009).

Procedure

  1. On the Risk tab, click Configuration Monitor.
  2. From the navigation menu, click Protocols.
  3. Select Add from the toolbar.
  4. Type a Name for the protocol set.
  5. In the Address Sets section, click Add.
  6. In the Add Address field, type the IP address or CIDR range that you want to apply to the network group, and then click OK.
    Tip: You can use IP4 or IP6 address or CIDR ranges.
  7. Select the checkbox for each protocol that you want to enable.
    Tip: Select a protocol and click Increase Priority or Decrease Priority to adjust the order you want the protocols to be used.
  8. Select a protocol to configure its relevant properties.
    You can configure the following values for the protocol parameters:
    Table 1. Configuring protocol parameters
    Protocol Parameter
    SSH

    Configure the following parameters:

    Port - Type the port that you want the SSH protocol to use for communicating with and backing up network devices.

    The default SSH protocol port is 22.

    Version - Select the version of SSH that you want this network group to use for communicating with network devices. The following options are available:

    • Auto - Use SSH2 for communicating with network devices.
    • 1 - Use SSH1 for communicating with network devices.
    • 2 - Use SSH2 for communicating with network devices.
    Telnet

    Type the port number that you want the Telnet protocol to use for communicating with and backing up network devices.

    The default Telnet protocol port is 23.

    HTTPS

    Type the port number that you want the HTTPS protocol to use for communicating with and backing up network devices.

    The default HTTPS protocol port is 443.

    HTTP

    Type the port number that you want the HTTP protocol to use for communicating with and backing up network devices.

    The default HTTP protocol port is 80.

    SCP

    Type the port number that you want the SCP protocol to use for communicating with and backing up network devices.

    The default SCP protocol port is 22.

    SFTP

    Type the port number that you want the SFTP protocol to use for communicating with and backing up network devices.

    The default SFTP protocol port is 22.

    FTP

    Type the port number that you want the FTP protocol to use for communicating with and backing up network devices.

    The default SFTP protocol port is 22.

    TFTP The TFTP protocol does not have any configurable options.
    SNMP

    Configure the following parameters:

    Port - Type the port number that you want the SNMP protocol to use for communicating with and backing up network devices.

    Timeout(ms) - Select the amount of time, in milliseconds, that you want to use to determine a communication timeout.

    Retries - Select the number of times that you want to attempt to retry communications to a device.

    Version - Select the version of SNMP that you want to use for communications. The options are v1, v2, or v3.

    V3 Authentication - Select the algorithm that you want to use to authenticate SNMP traps.

    V3 Encryption - Select the protocol that you want to use to decrypt SNMP traps.

  9. Click Save.
    Tip: After you create your protocol sets, select a protocol set and click Increase Priority or Decrease Priority to adjust the order you want the protocol sets to be checked.