QRadar: Hardening QRadar appliances

Answer

Overview
QRadar has a list of federal certifications that are officially supported. Different versions of QRadar have obtained different certifications, and the versions that are certified are constantly changing. The process for many of these certifications can be lengthy, and IBM continues to innovate and improve QRadar products faster than they can be certified.

Under no circumstances should you harden your system using unsupported methods or make hardening changes without talking to IBM Security Services. Hardening changes can violate your support contract and might cause product issues or significantly impact your ability to receive support.

For more information about security certifications, see QRadar US federal certifications.


Hardening tool
A STIG hardening script is provided for QRadar appliances and is the most common hardening option for administrators. The STIG hardening script comes standard with all  QRadar 7.3.x and later appliances and is typically applied to All-in-One appliances. If you choose to apply STIG hardening to your full deployment, it is recommended that you engage IBM Professional Services to assist you with the configuration. You can contract Professional Services though your Sales Team. For more information, see:  IBM Security Services.

For operational and performance reasons, full-disk encryption, SELinux (Security-Enhanced Linux), and patch maintenance are intentionally excluded from the hardening procedures for full STIG compliance. For more information, see: Exceptions to STIG compliance.

For more information, see: Installing QRadar in a STIG environment overview.