Comparing the configuration of your network devices

In IBM QRadar Risk Manager, device configurations can be compared to each other by comparing multiple backups on a single device or by comparing one network device backup to another.

Common configuration types can include the following items:
  • Standard Element Document - Standard Element Document (SED) files are XML data files that contain information about your network device. Individual SED files are viewed in their raw XML format. If a SED file is compared to another SED file, then the view is normalized to display the rule differences.
  • Config - Configuration files are provided by certain network devices, depending on the device manufacturer.
Depending on the information that the adapter collects for your device, several other configuration types might be displayed. These files are displayed in plain text view when double-clicked.

Procedure

  1. Click the Risks tab.
  2. From the navigation menu, click Configuration Monitor.
  3. Double-click any device to view the detailed configuration information.
  4. Click History to view the history for this device.
  5. Compare two configurations on a single device by completing the following steps:
    1. Select a primary configuration.
    2. Press the CTRL key and select a second configuration for comparison.
    3. In the History pane, click Compare Selected.

      If the comparison files are standard element documents (SEDs), then the Normalized Device Configuration Comparison window shows rule differences between the backups.

      When you compare normalized configurations, the color of the text shows the following device updates:

      • A green dotted outline shows a rule or configuration that was added to the device.
      • A red dashed outline shows a rule or configuration that was deleted from the device.
      • A yellow solid outline shows a rule or configuration that was modified on the device.
    4. To view the raw configuration differences, click View Raw Comparison.

      If the comparison is a configuration file or another backup type, then the raw comparison is displayed.

  6. Compare two configurations on different devices by completing the following steps:
    1. Select a primary configuration from a device.
    2. Click Mark for Comparison.
    3. From the navigation menu, select All Devices to return to the device list.
    4. Double-click the device to compare and click History.
    5. Select a configuration that you want to compare with the marked configuration.
    6. Click Compare with Marked.
    7. To view the raw configuration differences, click View Raw Comparison.

What to do next

Adding a network device in QRadar Risk Manager