Use Cisco Nexus adapters in IBM Security QRadar Risk Manager

Product documentation


Abstract

Requirements for the Cisco Nexus adapter and information about adding a Nexus device to IBM QRadar Risk Manger.

Content

The requirements for the Cisco Nexus adapter are described below.


Supported versions

There are no version restrictions for this adapter.

Neighbor data support

This adapter supports neighbor data.

SNMP discovery

The device matches Cisco NX-OS and an optional qualification string that ends with Software in the SNMP sysDescr.

For example:

(Cisco NX\-OS.* Software)

Required credential parameters

The credentials and parameters required are Username, and Password.

If you add virtual device contexts (VDCs) as individual devices so that they can be backed up and viewed in the topology, then there are specific requirements for the username and password. In this situation, the username and password must be able to access the account that is enabled to access the VDCs and use the required commands in that virtual context.

The required commands are listed below.

Connection protocols

The supported device protocols are Telnet and SSH.

Required third party files

The following Red Hat Package Manager (RPM) files are required:

  • perl-Net-CIDR-Set-0.11-1.noarch.rpm
  • perl-XML-Twig-3.42-1.noarch.rpm
  • adapters-common-2013.03_05-515182.noarch.rpm

Required commands

The commands that the adapter requires to log in and collect data for are:

  • terminal length 0
  • show version
  • show hostname
  • show vdc
  • snow snmp
  • show module
  • dir <fs>, where fs is all of the filesystems on device
  • show interface brief
  • show interface snmp-ifindex
  • show interface <if> , where if is all of the interfaces from show interface brief with config sections
  • show running-config
  • show startup-config
  • show static-route
  • show ip access-lists
  • show object-group
  • show vlan
  • show vtp status
  • show hsrp
  • show vrrp
  • show vtp
  • show glbp
  • show ip arp
  • show mac address-table
  • show ip route
  • show ipv6 route
  • show ipv6 ndp
  • show cdp entry all
  • switchto <vdc>, for all supported virtual device contexts

Methods for adding Virtual Device Contexts for Nexus devices

You use Configuration Source Management to add Nexus network devices and VDCs to IBM Security QRadar SIEM. There are two ways to add multiple VDCs to QRadar Risk Manager.

You can add VDCs as sub-devices of the Nexus device or as individual devices.

View Virtual Device Contexts

If VDCs are added as individual devices, then each VDC displays as a device in the topology.

If VDCs are added as a sub-device, they do not display in the topology. Instead, you can view the VDCs in Configuration Monitor.

Adding VDCs as sub-devices of your Nexus device

You use Configuration Source Manager to add the Nexus device, which includes the VDCs as sub-devices.


    Procedure
    1. Use Configuration Source Manager to add your Nexus device and the appropriate user credentials. See in the IBM Security QRadar Risk Manager Adapter Guide .

    2. Use Configuration Source Manager to obtain the configuration information for your Nexus device. See "Obtain device configuration" in the IBM Security QRadar Risk Manager User Guide.

    3. If the following commands are not enabled, then you must enable the commands for the user that is specified in the credentials:

    • show vdc (at admin context)
    • switchto vdc <x>, where x is the VDCs that are supported

    What to do next
    You can view the Nexus device in the topology and the VDC sub-devices in Configuration Monitor. For information about viewing devices, see the IBM Security QRadar Risk Manager User Guide.


Adding VDCs as individual devices
You use Configuration Source Manager to add each VDC as a separate device. When you use this method, the Nexus device and the VDCs display in the topology.

    About this task

    When you view your Nexus device and VDCs in the topology, the chassis containment is represented separately.

    Procedure
    1. Use Configuration Source Manager to add the admin IP address of each VDC. See in the IBM Security QRadar Risk Manager Adapter Guide .

    2. Use Configuration Source Manager to obtain the configuration information for your VDCs. See “Obtain device configuration” in the IBM Security QRadar Risk Manager User Guide.

    3. Disable the switchto vdc command.



Disabling VDC commands for VDCs added as individual devices
If you added VDCs as individual devices, then you must disable the VDC command for the username that is associated with the adapter.

    Before you begin

    You need to add your device and VDCs, and obtain their configuration information.

    About this task

    After you obtain the configuration information for your Nexus device and VDCs, you must disable the VDC command for the username that you specified the credentials of the device.

    Procedure
    1. On the Nexus device, disable the switchto vdc command in the Nexus CLI for access from the backup user account.

    For example, if the user name for a Nexus device is qrmuser, you might type the following in the CLI:

    NexusDevice(config)# role name qrmuser
    NexusDevice(config-role)# rule 1 deny command switchto vdc
    NexusDevice(config-role)# rule 2 permit command show
    NexusDevice(config-role)# rule 2 permit command terminal
    NexusDevice(config-role)# rule 2 permit command dir

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security QRadar Risk Manager

Software version:

7.1

Operating system(s):

Linux, Windows

Reference #:

7038399

Modified date:

2013-07-19

Translate my page

Machine Translation

Content navigation