Troubleshooting
Problem
Administrators can use the Network Hierarchy Management App to back up and restore a network hierarchy on their QRadar Console. This article covers how administrators can restore a default network hierarchy in QRadar and helps protect against an accidental network hierarchy changes or deletions.
Resolving The Problem
Before you begin
The existing Network Hierarchy app on the IBM® X-Force® Exchange is a CentOS 6 based version at the moment and might not install on newer QRadar versions. The application does not backup or restore latitude or longitude values that users added in the QRadar user interface.
The IBM X-Force Exchange offers an App, Network Hierarchy Management for QRadar to back up your Network Hierarchy. Administrators can download the app from the IBM X-Force Exchange. For more information, see Network Hierarchy Management for QRadar.
The Network Hierarchy Management app allows administrators to take backups of the Network Hierarchy. It is recommended that Administrators take a backup before you start to customize the Network Hierarchy. During each phase of developing your network hierarchy, take another backup. The app allows an administrator to restore and overwrite the hierarchy at any point to a known state from a backup file.
The application does not allow users to restore segments from a backup, but you can save that backup to your computer as a CSV and edit it with a spreadsheet program such as Microsoft Excel. Administrators can then upload the CSV and restore those entries to the network hierarchy. To make the restored Hierarchy active, administrators must click Deploy Changes from the Admin tab.
If you need to know the default values of the Network Hierarchy that are provided during installation for pre-configured rules, refer to this table.
Table 1 Default Network Hierarchy.
The Network Hierarchy Management app allows administrators to take backups of the Network Hierarchy. It is recommended that Administrators take a backup before you start to customize the Network Hierarchy. During each phase of developing your network hierarchy, take another backup. The app allows an administrator to restore and overwrite the hierarchy at any point to a known state from a backup file.
The application does not allow users to restore segments from a backup, but you can save that backup to your computer as a CSV and edit it with a spreadsheet program such as Microsoft Excel. Administrators can then upload the CSV and restore those entries to the network hierarchy. To make the restored Hierarchy active, administrators must click Deploy Changes from the Admin tab.
If you need to know the default values of the Network Hierarchy that are provided during installation for pre-configured rules, refer to this table.
Table 1 Default Network Hierarchy.
|
DMZ
NAT_Ranges
Net-10-172-192
Proxy_Servers
Regulatory_Compliance_Servers
Server_Network
VPN_Addresses_Space
VoIP_Networks
Wireless_Networks
|
The Default Network Hierarchy CSV is provided for download.
DefaultNetworkHierarchy.csvResults: Use the Network Hierarchy Management for QRadar to manage and retain your Network Hierarchy.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
30 June 2022
UID
swg22014446