IBM Security QRadar

  • 1.  Network hierarchy domain

    Posted Mon September 21, 2020 04:08 AM

    A domain is not defined based on network info. So what does it do to assign the network hierarchy to a domain? Does it mean every IP in the network belongs to the assigned domain? Then what about one subnet that shows under two domains, like IP conflicts?


    If the network hierarchy is assigned to domain A, and a subnet in the network hierarchy shows up in a log source that belongs to domain B, what happens?

    Thanks,



    ------------------------------
    F L
    ------------------------------


  • 2.  RE: Network hierarchy domain

    Posted Thu October 08, 2020 08:51 AM
    Referring to the Domain concept in QRadar, it is there to enforce logical segregation that also covers the case when some networks/segments have IP addresses that overlap; this could be the case when, e.g., you have several sites with overlapping addresses that eventually get NATed, or you might be a Managed Services Provider, where IP address overlapping could happen quite easily. Domain tags ensure that these are considered as different ones. Assigning log sources / events to particular domains is something achieved in a different "place" but is complemented through settings performed via network hierarchy management.
    These might help: Domain Segmentation, QRadar Open Mic - Let's talk about Domains and Tenants - 26 Oct 2018


    ------------------------------
    Dusan VIDOVIC
    ------------------------------