IBM Support

QRadar: Creating a Nested Network Hierarchy

Troubleshooting


Problem

This technote describes how to create a nested Network Hierarchy.

Resolving The Problem

You can create a nested hierarchy by using this method.


Before you Begin

  1. Before you begin, back up the Network Hierarchy. To do this, download the Network Hierarchy Management for QRadar APP from the X-Force Exchange.
  2. Log in to the QRadar User Interface.
  3. Click the Admin tab.
  4. Click the Extension Management icon.
  5. Click Add.
  6. Use the Browse button to locate the NetHierMgmt_<version>.zip App in the location where you downloaded it.
  7. Select the Install immediately checkbox, and then click Add.
  8. Click Install.

  9. Click Network Hierarchy Management.

  10. Click Backup.
  11. Enter a Backup Name and Backup Description.
  12. Click Save.

Results: A backup of the Network Hierarchy, taken before any changes are made, is saved.



Creating a Nested Hierarchy using QRadar UI

  1. Log in to the QRadar User Interface.
  2. Click the Admin tab.
  3. Click the Network Hierarchy icon.
  4. Click Add.
  5. Click the gear to add a new group.
  6. Enter a Name for the Nested Group, using periods between the Groups.
  7. Click Save.

  8. In Add Network, enter the Network Name.
  9. Enter the IP Addresses or CIDR(s) associated with the last Nest in the Group text box. In this case the IP Address will be added to Nest3.
  10. Click Create.

  11. To add another Network to one of the other Nested groups, click Add.
  12. From the Group drop-down menu, select the Group you want to use for the new Network.
  13. Add the Group name and IP Address(es) or CIDR(s).
  14. Click Create.
  15. When you finish adding Groups and Networks, click Deploy Changes from the Admin tab.

Results

The Networks associated with Nest2 are correct despite appearances in the User Interface. To determine which Group owns NewYork and Kansas in the example, collapse Nest3. The Networks California, NewYork, and Kansas will appear under Nest2.
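The following is an added example, not IBM code and not part of the original technote: a Python sketch for checking a planned hierarchy offline before entering it in the UI. It splits group names on periods, validates each IP or CIDR, and lists every group's own networks before its child groups so ownership is unambiguous. The top-level group "Nest1", the network "Net3", and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed plan rows: (group, network name, IP or CIDR). "Nest1", "Net3" and
# all addresses are assumptions; the other names follow the technote's example.
PLAN = [
    ("Nest1.Nest2.Nest3", "Net3", "10.3.0.0/24"),
    ("Nest1.Nest2", "California", "10.2.1.0/24"),
    ("Nest1.Nest2", "NewYork", "10.2.2.0/24"),
    ("Nest1.Nest2", "Kansas", "10.2.3.7"),
]

def validate(plan):
    """Return a list of problems found in the plan (empty list means clean)."""
    problems, seen = [], {}
    for group, name, cidr in plan:
        if any(part == "" for part in group.split(".")):
            problems.append(f"{name}: empty level in group name '{group}'")
        try:
            net = ipaddress.ip_network(cidr)  # strict: rejects host bits set
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if net in seen:
            problems.append(f"{name}: {net} already used by {seen[net]}")
        seen.setdefault(net, name)
    return problems

def build_tree(plan):
    """Nest groups by splitting each group name on periods."""
    root = {"networks": [], "children": {}}
    for group, name, cidr in plan:
        node = root
        for part in group.split("."):
            node = node["children"].setdefault(part, {"networks": [], "children": {}})
        node["networks"].append(f"{name} ({cidr})")
    return root

def render(node, depth=0):
    """List each group's own networks before its child groups."""
    lines = ["  " * depth + "- " + n for n in node["networks"]]
    for name, child in node["children"].items():
        lines.append("  " * depth + name + "/")
        lines.extend(render(child, depth + 1))
    return lines

if __name__ == "__main__":
    print(validate(PLAN) or "plan is clean")
    print("\n".join(render(build_tree(PLAN))))
```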




Document Information

Modified date:
16 June 2018

UID

swg22010816