QRadar Risk Manager: Adobe Flash end of life and changes to Configuration Source Management (CSM)

News

Abstract

Administrators with QRadar Risk Manager appliances in their deployment are being alerted to changes in Configuration Source Manager due to the approaching end of life of Adobe Flash. Due to removal of Adobe Flash, the Configuration Source Management (CSM) functionality is integrated in to the Configuration Monitor. The updated Configuration Monitor interface is available to administrators who upgrade their QRadar deployment in upcoming fix pack releases.

Content

About

QRadar Risk Manager administrators are being alerted to an upcoming user interface change to the Configuration Source Management (CSM) component. Due to the End of Life (EOL) announcement for Adobe Flash, QRadar Risk Manager has deprecated the default Configuration Source Management interface and integrated device backup and configuration functionality in to the Configuration Monitor. The Configuration Monitor interface includes the same device backup functionality, but was developed without Adobe Flash to ensure that administrators can comply with Adobe's 31 December 2020 end of life announcement. Administrators who are in corporate environments who are required to remove Adobe Flash can discuss upgrades to a QRadar version that includes the updates to the Configuration Monitor. All created schedules (Scheduled Discovery, jobs) are automatically moved from the legacy Admin tab Configuration Source Management interface to the Configuration Monitor on the Risks tab after you upgrade.

Product versions

The following versions integrate scheduling and device configurations on the Risks tab in to the Configuration Monitor:

QRadar Risk Manager 7.4.1 fix pack 1 and later
QRadar Risk Manager 7.3.3 fix pack 5 and later

How to identify the issue

A notice is displayed in the Configuration Source Management component to advise administrators that the Configuration Source Management is deprecated. Administrators who see this information message can upgrade to a QRadar version that includes the Configuration Monitor to avoid interruptions with device configurations after 31 December 2020 due to Adobe Flash end of life (EOL) issues.

Figure 1: Legacy Configuration Source Management user interface for Adobe Flash.

Figure 2: Browsers which block Adobe Flash by default do not display the Configuration Source Management user interface.

Locating the Configuration Monitor

QRadar 7.4.1 fix pack 1 and QRadar 7.3.3 fix pack 5 updates move the functionality of discovery, backups, credentials and scheduled to the Risks tab. Administrators can use the Configuration Monitor to make changes to their devices after an upgrade to the QRadar deployment. The functionality between Configuration Source Manager and the Configuration Monitor is identical and the Configuration Monitor does not include dependencies on Adobe Flash.

Procedure

Log in to QRadar.
Click the Risks tab.
In the Risk Manager pane, click Configuration Monitor.

Figure 3: Location of the Configuration Monitor on the Risks tab.
Use the Configuration Monitor to manage your devices.

Schedules and device backups

Schedules Configuration for QRadar Risk Manager allows administrators to define backup jobs or device discovery in the Configuration Monitor. Schedules are now setup using the Configuration Monitor. Devices can be added to the schedule and a trigger defines the time and recurrence for the backup or device discovery, which can occur either once, daily, weekly, monthly, or defined as a cron job expression.
Figure 4: Schedules are now defined in the Configuration Monitor for the Risk Manager versions defined in this technical note.

Procedure

Click the Risks tab.
Expand the Configuration Monitor and select Schedules.
On the Scheduled page, click Add to create a new schedule or select and existing schedule and click Edit.
Type a unique Name for the schedule.
Select a Group from the drop-down list or type a new Group name.

Select a schedule type:

Select a schedule type to either backup or discover new devices
Option	Description
Backup	Backup schedules allow users to collect device configuration changes from discovered network devices.
Discovery	Updates the telemetry (neighbor) information for devices and adds newly discovered network devices.

Note: If a discovery schedule exists, you must select Backup. You cannot change the Type of an existing schedule.

If you are creating a discovery schedule and want to add newly discovered devices to a product, select Crawl.
If you are creating a backup schedule, click Edit and add or remove devices to be targeted for backup. Then perform one of the following actions
Use the arrows to move devices from the Available Devices list to the Selected Devices list.
Select Search to configure a search to dynamically target devices based on IP address, operating system, model, or hostname.
Tip: You can search for Admin or Interface IP addresses with a comma-separated list of IP addresses or CIDR ranges.
Select a Trigger to specify the frequency you want the schedule to run.
- Once
- Daily
- Weekly
- Monthly
- Cron
  
  Note: Cron expressions that repeat more than once per hour are not accepted.
Click Save.

Device discovery

Credentials

Configuring protocols

QRadar Risk Manager users can define the protocol, port, and other details required to communicate to a set of network devices. You can assign devices to network groups, which allows you to group together protocol sets and address sets for your devices.

Procedure

On the Risk tab, click Configuration Monitor.
In the navigation menu, click Protocols.
Select Add from the toolbar.
Type a Name for the protocol set.
In the Address Sets section, click Add.
In the Add Address field, type the IP address or CIDR range that you want to apply to the network group, then click OK.
Tip: You can use IP4 or IP6 address or CIDR ranges.
Select the check box for each protocol you want to enable.
Tip: Select a protocol and click Increase Priority or Decrease Priority to adjust the order you want the protocols to be used.

Select a protocol to configure its relevant properties. You can configure the following values for the protocol parameters:

Table 1. Protocol parameters
Protocol	Parameter description
SSH	Configure the following parameters: Port- Type the port on which you want the SSH protocol to use when communicating with and backing up network devices. The default SSH protocol port is 22. Version- Select the version of SSH that you want this network group to use when communicating with network devices. The available options are as follows: Auto- This option automatically detects the SSH version to use when communicating with network devices. 1 - Use SSH-1 when communicating with network devices. 2 - Use SSH-2 when communicating with network devices.
Telnet	Type the port number you want the Telnet protocol to use when communicating with and backing up network devices. The default Telnet protocol port is 23.
HTTPS	Type the port number you want the HTTPS protocol to use when communicating with and backing up network devices. The default HTTPS protocol port is 443
HTTP	Type the port number you want the HTTP protocol to use when communicating with and backing up network devices. The default HTTP protocol port is 80.
SCP	Type the port number you want the SCP protocol to use when communicating with and backing up network devices. The default SCP protocol port is 22.
SFTP	Type the port number you want the SFTP protocol to use when communicating with and backing up network devices. The default SFTP protocol port is 22.
FTP	Type the port number you want the FTP protocol to use when communicating with and backing up network devices. The default SFTP protocol port is 22.
TFTP	The TFTP protocol does not have any configurable options.
SNMP	Configure the following parameters: Port - Type the port number you want the SNMP protocol to use when communicate with and backing up network devices. Timeout(ms) - Select the amount of time, in milliseconds, that you want to use to determine a communication timeout. Retries - Select the number of times you want to attempt to retry communications to a device. Version - Select the version of SNMP you want to use for communications. The options are v1, v2, or v3. V3 Authentication - Select the algorithm you want to use to authenticate SNMP traps. V3 Encryption - Select the protocol you want to use to decrypt SNMP traps.

Click Save.
Tip: After you create your protocol sets, select a protocol set and click Increase Priority or Decrease Priority to adjust the order you want the protocol sets to be checked.

Notice: Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

*Cross-reference information*
Product	Component	Platform	Version
IBM Security QRadar Risk Manager	QRadar Risk and Vulnerability Manager	Linux	7.3.3, 7.4.1
IBM Security QRadar SIEM	QRadar Risk and Vulnerability Manager	Linux	7.3.3, 7.4.1

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQQU","label":"IBM Security QRadar Risk Manager"},"ARM Category":[{"code":"a8m0z000000cwtKAAQ","label":"QRadar Risk and Vulnerability Manager"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.3;7.4.1"},{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtKAAQ","label":"QRadar Risk and Vulnerability Manager"}],"Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.3;7.4.1"}]

Was this topic helpful?

Document Information

More support for:
IBM Security QRadar Risk Manager

Component:
QRadar Risk and Vulnerability Manager

Software version:
7.3.3, 7.4.1

Operating system(s):
Linux

Document number:
6326009

Modified date:
08 October 2020

UID

ibm16326009

IBM Support

Tips