How To
Summary
Administrators can import and export a network hierarchy by using the API. In some instances, an administrator might need to make updates to an exported template before they reimport.
Steps
Administrators who change the deployment infrastructure regularly may want to use importing the .JSON file to help store back ups and track changes that are made to their network hierarchy.
Before you begin:
- For more information about how to export and import by using the API, see QRadar: How to export and import the network hierarchy information using the QRadar API
- Back up the exported .JSON file or create a configuration backup before you modify or make updates.
- This procedure is for minor updates. Major additions to the Network Hierarchy in the UI are preferred. Minor updates can be done by modifying the Hierarchy by using the JSON file
- Do not add special characters other than what is used in the example templates.
- Do not add white spaces.
- Be aware that after importing or updating the network hierarchy, administrators need to Deploy Changes.
Note: Schedule a maintenance outage before Deploying Changes - Support cannot take cases on modified JSON files. If you need help editing the JSON file contact the IBM Security Experts Lab.
It is still best practice to make major updates by using the Network Hierarchy tab from the Admin page.
After administrators export their network hierarchy by using the procedure given in the article, they get a file that has the .json file extension.
- Use a text editor to alter the .json file.
Note: There are no white spaces for an entry. - Locate the section or IP address range needing update.
- Each section is contained with { }. Make sure your structure, punctuation, and syntax is the same as examples shown.
- Save the changes to the file.
- Import the network hierarchy.json file back to QRadar.
An example of QRadars' default network hierarchy in a .JSON format is as shown,
[{"name":"Net_10_0_0_0","description":"Default Network",
"network_id":4,"cidr":"10.0.0.0/8","id":2,"domain_id":0,"group":"Net-10-172-192"},
{"name":"Net_172_16_0_0","description":"Default Network",
"network_id":5,"cidr":"172.16.0.0/12","id":3,"domain_id":0,"group":"Net-10-172-192"},
{"name":"Net_192_168_0_0","description":"Default Network",
"network_id":6,"cidr":"192.168.0.0/16","id":4,"domain_id":0,"group":"Net-10-172-192"},
{"name":"Internal","description":"Default Network",
"network_id":7,"cidr":"0.0.0.1/32","id":5,"domain_id":0,"group":"DMZ"},
{"name":"External","description":"Default Network",
"network_id":8,"cidr":"0.0.0.2/32","id":6,"domain_id":0,"group":"DMZ"},
{"name":"VPN_Addresses_Space","description":"Default Network",
"network_id":9,"cidr":"0.0.0.3/32","id":7,"domain_id":0,"group":"VPN_Addresses_Space"},
{"name":"Proxy_Servers","description":"Default Network",
"network_id":10,"cidr":"0.0.0.4/32","id":8,"domain_id":0,"group":"Proxy_Servers"},
{"name":"NAT_Ranges","description":"Default Network",
"network_id":11,"cidr":"0.0.0.5/32","id":9,"domain_id":0,"group":"NAT_Ranges"},
{"name":"Server_Network","description":"Default Network",
"network_id":12,"cidr":"0.0.0.7/32","id":10,"domain_id":0,"group":"Server_Network"},
{"name":"VoIP_Networks","description":"Default Network",
"network_id":13,"cidr":"0.0.0.11/32","id":11,"domain_id":0,"group":"VoIP_Networks"},
{"name":"Regulatory_Compliance_Servers","description":"Default Network",
"network_id":14,"cidr":"0.0.0.12/32","id":12,"domain_id":0,"group":"Regulatory_Compliance_Servers"},
{"name":"all","description":"",
"network_id":15,"cidr":"0.0.0.14/32","id":13,"domain_id":0,"group":"Wireless_Networks"}]
Administrators can see the export file contains nested information that show network_ID and ID. Other fields variables to pay attention to are,
"name":"Net_192_168_0_0"
"description":"Default Network"
"network_id":6
"cidr":"192.168.0.0/16"
"id":4
"domain_id":0
"group":"Net-10-172-192"
"description":"Default Network"
"network_id":6
"cidr":"192.168.0.0/16"
"id":4
"domain_id":0
"group":"Net-10-172-192"
Example of updated network hierarchy export,
[{"name":"Net_10_0_0_0","description":"Default Network",
"network_id":4,"cidr":"10.0.0.0/8","id":2,"domain_id":0,"group":"Net-10-172-192"},
{"name":"Net_172_16_0_0","description":"Default Network",
"network_id":5,"cidr":"172.16.0.0/12","id":3,"domain_id":0,"group":"Net-10-172-192"},
{"name":"Net_192_168_0_0","description":"Default Network",
"network_id":6,"cidr":"192.168.0.0/16","id":4,"domain_id":0,"group":"Net-10-172-192"},
{"name":"Internal","description":"Default Network",
"network_id":7,"cidr":"0.0.0.1/32","id":5,"domain_id":0,"group":"DMZ"},
{"name":"External","description":"Default Network",
"network_id":8,"cidr":"0.0.0.2/32","id":6,"domain_id":0,"group":"DMZ"},
{"name":"VPN_Addresses_Space","description":"Default Network",
"network_id":9,"cidr":"0.0.0.3/32","id":7,"domain_id":0,"group":"VPN_Addresses_Space"},\{"name":"Proxy_Servers","description":
"Default Network","network_id":10,"cidr":"0.0.0.4/32","id":8,"domain_id":0,"group":"Proxy_Servers"},
{"name":"NAT_Ranges","description":"Default Network",
"network_id":11,"cidr":"0.0.0.5/32","id":9,"domain_id":0,"group":"NAT_Ranges"},
{"name":"Server_Network","description":"Default Network",
"network_id":12,"cidr":"0.0.0.7/32","id":10,"domain_id":0,"group":"Server_Network"},
{"name":"VoIP_Networks","description":"Default Network",
"network_id":13,"cidr":"0.0.0.11/32","id":11,"domain_id":0,"group":"VoIP_Networks"},
{"name":"Regulatory_Compliance_Servers","description":"Default Network",
"network_id":14,"cidr":"0.0.0.12/32","id":12,"domain_id":0,"group":"Regulatory_Compliance_Servers"},
{"name":"all","description":"",
"network_id":15,"cidr":"0.0.0.14/32","id":13,"domain_id":0,"group":"Wireless_Networks"},
{"name":"DMZ2","description":"",
"network_id":23,"cidr":"0.0.0.0/8","id":21,"domain_id":0,"group":"DMZ"},
{"name":"DMZ2","description":"",
"network_id":23,"cidr":"0.0.0.18/32","id":22,"domain_id":0,"group":"DMZ"},
{"name":"Secret_networks","description":"",
"network_id":25,"cidr":"192.166.11.44/32","id":23,"domain_id":0,"group":"Spcial_Network"},
{"name":"Proxy_Servers","description":"Default Network",
"network_id":10,"cidr":"192.168.12.0/24","id":24,"domain_id":0,"group":"Proxy_Servers"},
{"name":"Proxy_Servers","description":"Default Network",
"network_id":10,"cidr":"192.168.0.0/22","id":25,"domain_id":0,"group":"Proxy_Servers"},
{"name":"QRadar","description":"",
"network_id":28,"cidr":"192.160.0.0/12","id":26,"domain_id":0,"group":"My_Network_group_for_QRadar_SIEM_produicts_and_features"}]
An example of an edited entry.
{"name":"Proxy_Servers","description":"Default Network",
"network_id":10,"cidr":"192.168.12.0/24","id":24,"domain_id":0,"group":"Proxy_Servers"},
Results
If there are no errors, the file imports as expected. If there is a mistake in the JSON file the template might not upload correctly.
Contact the IBM Security Experts Lab for help.
If there are no errors, the file imports as expected. If there is a mistake in the JSON file the template might not upload correctly.
Contact the IBM Security Experts Lab for help.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
29 August 2022
UID
ibm16613851