Encryption

To provide secure data transfer between each of the appliances in your environment, IBM® QRadar® has integrated encryption support that uses OpenSSH. Encryption occurs between managed hosts, and is enabled by default when you add a managed host.

When encryption is enabled, a secure tunnel is created on the client that initiates the connection, by using an SSH protocol connection. When encryption is enabled on a managed host, an SSH tunnel is created for all client applications on the managed host. When encryption is enabled on a non-Console managed host, encryption tunnels are automatically created for databases and other support service connections to the Console. Encryption ensures that all data between managed hosts is encrypted.

For example, with encryption enabled on an Event Processor, the connection between the Event Processor and Event Collector is encrypted, and the connection between the Event Processor and Magistrate is encrypted.

The SSH tunnel between two managed hosts can be initiated from the remote host instead of the local host. For example, suppose that an Event Processor in a secure environment has a connection to an Event Collector that is outside of the secure environment, and a firewall rule prevents a host outside the secure environment from connecting to a host inside it. You can switch which host creates the tunnel, so that the connection is established from the Event Processor, by selecting the Remote Tunnel Initiation checkbox for the Event Collector.

You cannot reverse the tunnels from your Console to managed hosts.
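The following planning check is an added example, not IBM code or a QRadar API. It models the tunnel-direction rules described above so that you can review a deployment plan against a firewall policy. The `Host` and `Tunnel` types, the zone flag, the host names, and the assumption that the Event Collector is the default tunnel initiator toward the Event Processor are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    role: str          # e.g. "console", "event_processor", "event_collector"
    secure_zone: bool  # True if the host sits inside the secure environment

@dataclass(frozen=True)
class Tunnel:
    default_initiator: Host          # host that creates the SSH tunnel by default
    peer: Host                       # host that the tunnel connects to
    remote_initiation: bool = False  # Remote Tunnel Initiation checkbox on default_initiator

def firewall_blocks(src: Host, dst: Host) -> bool:
    # Assumed policy, taken from the scenario above: a host outside the
    # secure environment may not connect to a host inside it.
    return (not src.secure_zone) and dst.secure_zone

def review(t: Tunnel) -> str:
    """Return 'ok' or the action needed for this tunnel to pass the firewall."""
    reversible = t.default_initiator.role != "console"
    if t.remote_initiation and not reversible:
        return "invalid: Console tunnels cannot be reversed"
    # The checkbox swaps which host opens the SSH connection.
    if t.remote_initiation:
        src, dst = t.peer, t.default_initiator
    else:
        src, dst = t.default_initiator, t.peer
    if not firewall_blocks(src, dst):
        return "ok"
    if not reversible:
        return "blocked: Console initiates, no reversal available"
    # An inward connection is blocked, so the outward direction is permitted.
    action = "clear" if t.remote_initiation else "select"
    return f"{action} Remote Tunnel Initiation on {t.default_initiator.name}"

# Constructed sample deployment (hypothetical host names).
CONSOLE = Host("console01", "console", secure_zone=True)
EP = Host("ep01", "event_processor", secure_zone=True)
EC_DMZ = Host("ec-dmz01", "event_collector", secure_zone=False)

if __name__ == "__main__":
    for tunnel in (Tunnel(EC_DMZ, EP), Tunnel(EC_DMZ, EP, True), Tunnel(CONSOLE, EC_DMZ, True)):
        print(tunnel.default_initiator.name, "->", tunnel.peer.name, ":", review(tunnel))
```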