Importing CIDR ranges for AWS into the QRadar network hierarchy

Import CIDR ranges from your AWS VPCs and external IP addresses from your AWS EC2 instances into the QRadar® network hierarchy. The IP addresses in these CIDR ranges are local.

Before you begin

To modify information on this tab, ask your administrator to give you system administrator permissions.

About this task

The Network Hierarchy page for AWS shows you which CIDR ranges from your AWS Internal IP (VPC) and External IP (EC2) instances can be imported into the Network Hierarchy in QRadar. You can choose whether you want to add ranges or IP addresses to the Network Hierarchy. You can also delete them if you do not want them in the Network Hierarchy for QRadar. If an IP address is contained within a CIDR range that is already in the Network Hierarchy, you cannot add it again.
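The containment rule can be checked offline before you select entries on the page. The following Python sketch is an added example, not IBM code or part of the app; the function name and the sample ranges are constructed, and it assumes you already have the CIDR ranges of the current Network Hierarchy as a list of strings.

```python
import ipaddress


def classify_candidates(existing_cidrs, candidates):
    """Split AWS candidates into addable entries and entries already covered.

    existing_cidrs: CIDR strings currently in the Network Hierarchy (assumed input).
    candidates:     VPC CIDR ranges or single EC2 external IP addresses.
    Returns (addable, covered); covered maps each rejected candidate to the
    existing range that contains it.
    """
    existing = [ipaddress.ip_network(c, strict=False) for c in existing_cidrs]
    addable, covered = [], {}
    for raw in candidates:
        # A bare address (an EC2 external IP) parses as a /32 or /128 network.
        net = ipaddress.ip_network(raw, strict=False)
        parent = None
        for known in existing:
            # subnet_of() raises TypeError across IP versions, so filter first.
            if known.version == net.version and net.subnet_of(known):
                parent = known
                break
        if parent is None:
            addable.append(str(net))
        else:
            covered[raw] = str(parent)
    return addable, covered


# Constructed sample data: private VPC ranges and documentation-only
# public addresses (RFC 5737), not values from a real deployment.
EXISTING = ["10.0.0.0/16", "203.0.113.0/24"]
CANDIDATES = [
    "10.0.1.0/24",    # inside 10.0.0.0/16, so it cannot be added again
    "10.1.0.0/16",    # not contained in any existing range
    "203.0.113.10",   # single IP inside 203.0.113.0/24
    "198.51.100.7",   # single IP outside every existing range
]

if __name__ == "__main__":
    addable, covered = classify_candidates(EXISTING, CANDIDATES)
    print("Can be added:", addable)
    for candidate, parent in covered.items():
        print(f"Already covered: {candidate} is inside {parent}")
```

The check tests containment only, as the rule above describes; a candidate that is wider than an existing range is reported as addable.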

Procedure

  1. To add a range from AWS to Network Hierarchy in QRadar, use the following steps:
    1. Click Utilities > Network Hierarchy.
    2. Select the check box for each range or IP address that you want to add and click Add.
    3. Go to the Admin tab in QRadar and click Deploy Changes.
    Tip: The first time that you add a range into the Network Hierarchy, you are asked to provide a network object name. After you set this name, it cannot be changed. "AWS" is the default network object name. You can't reuse an existing network object name unless you delete the network object in IBM® QRadar first.
  2. To remove IP addresses and ranges from the Network Hierarchy in QRadar, use the following steps:
    1. Click Utilities > Network Hierarchy.
    2. Select the check box for each range or IP address that you want to remove and click Delete.
    3. Go to the Admin tab in QRadar and click Deploy Changes.

Results

After you add CIDR ranges from your AWS VPCs and external IP addresses from your AWS EC2 instances into QRadar, you can see them on the QRadar Network Hierarchy page.

Figure 1. Network Hierarchy tab
Shows what the network hierarchy tab looks like before you add the ranges into QRadar.