You can install IBM Security QRadar Suite Software (formerly
known as IBM Cloud Pak for Security) from the IBM
Cloud catalog.
Procedure
- Go to the IBM Cloud Catalog, and select the Cloud Paks filter. Then, select the IBM Cloud Pak for Security tile.
- Configure the installation.
  - Select the latest QRadar Suite Software version for the installation.
  - Create or select a Red Hat® OpenShift® 4.14.x cluster for your installation. For more information, see Red Hat OpenShift on IBM Cloud.
  - Create or select a Project or Namespace.
  - Configure your workspace.
  - Set your deployment values as outlined in the following tables.
Table 1. Required deployment parameters for QRadar Suite Software

| Required values | Description | Default |
|---|---|---|
| adminUser | The user that is to be assigned as an Administrator in the default QRadar Suite Software account after installation. The Administrator user must exist in a Lightweight Directory Access Protocol (LDAP) directory that you will set up in the post-installation task Configuring LDAP authentication, or be a user that is added and authenticated using the IBM Cloud account in which the cluster was created. | |

Important: The user that you provide as adminUser must be the admin for the LDAP directory with an email address in the LDAP directory. Take note of the user that you provide, as that user will be required as the initial user to log in to QRadar Suite Software.

Table 2. Optional deployment parameters for QRadar Suite Software

| Optional values | Description | Default |
|---|---|---|
| domain | The Fully Qualified Domain Name (FQDN) created for QRadar Suite Software. When the domain is not specified, it will be generated as cp4s.<cluster_ingress_subdomain> | |
| domainCertificate | TLS certificate associated with the QRadar Suite Software application domain. If the domain is not specified, Red Hat OpenShift cluster certificates will be used. | |
| domainCertificateKey | TLS key associated with the QRadar Suite Software application domain. If the domain is not specified, Red Hat OpenShift cluster certificates will be used. | |
| customCA | Custom TLS certificate associated with the QRadar Suite Software application domain. | |
| storageClass | The provisioned block or file storage class to be used for creating all the PVCs required by QRadar Suite Software. When it is not specified, the default storage class in the cluster will be used. | |
| backupStorageClass | Storage class used for creating the backup PVC. If this value is not set, QRadar Suite Software will use the same value set in the storageClass parameter. | |
| backupStorageSize | Override the default backup storage PVC size. | 500Gi |
| imagePullPolicy | Image pull policy for the containers. | IfNotPresent |
| roksAuthentication | Enable ROKS Authentication. For more details, see Configuring Red Hat OpenShift authentication on IBM Cloud®. | false |
| deployDRC | Deploy Detection and Response Center application. Optional when deploying QRadar Suite Software. For more information, see Exploring security rule use cases with Detection and Response Center. | true |
| deployRiskManager | Deploy Risk Manager application. Optional when deploying QRadar Suite Software. For more information, see IBM Security Risk Manager. | true |
| deployThreatInvestigator | Deploy Threat Investigator application. Optional when deploying QRadar Suite Software. For more information, see Investigating cases with IBM Security Threat Investigator. | true |

- Ensure that you have acquired a license for the QRadar Suite Software deployment.
- Confirm that you have read and agreed to the license.
- When all the required parameters are set, click Install.
Important: Installation takes approximately 1.5 hours. After you start the installation, you are brought to the Schematics workspace for your QRadar Suite Software. You can track progress by viewing the logs. Go to the Activity tab, and click View logs.
- Verify QRadar Suite Software installation.
  - Log in to the Red Hat OpenShift web console and ensure you are in the Administrator view.
  - Go to and ensure that the Project is set to the namespace where QRadar Suite Software was installed.
  - In the list of installed operators, click IBM Cloud Pak for Security.
  - On the Threat Management tab, select the threatmgmt instance.
  - On the Details page, the following message is displayed in the Conditions section when installation is complete.
    Cloudpak for Security Deployment is successful
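
The domain, domainCertificate, domainCertificateKey and customCA values in Table 2 have to agree with each other, and a mismatch only surfaces after a long installation. The following pre-flight check is an added example, not IBM tooling: the function names, file names and the domain cp4s.apps.example.com are assumptions, and the CA and certificate that make_constructed_pki generates are constructed test material.

```shell
#!/bin/sh
# Added example (not from the product): validate TLS inputs before installing.

# check_domain_tls DOMAIN CERT KEY [CA] -> returns 0 when the material is consistent.
check_domain_tls() {
    domain=$1; cert=$2; key=$3; ca=${4:-}
    # 1. The certificate must name the FQDN (SAN, or CN as a fallback).
    openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null |
        grep -q 'does match' ||
        { echo "FAIL: certificate does not cover $domain"; return 1; }
    # 2. The key must be the certificate's private key: compare public halves.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: key does not belong to the certificate"; return 1; }
    # 3. Reject a certificate that expires within 30 days (2592000 seconds).
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within 30 days"; return 1; }
    # 4. When a custom CA is supplied, the certificate must chain to it.
    if [ -n "$ca" ]; then
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
            { echo "FAIL: certificate does not chain to the custom CA"; return 1; }
    fi
    echo "OK: $domain"
}

# make_constructed_pki DIR FQDN: throwaway CA and leaf certificate for testing
# the check above. Never use this material for a real deployment.
make_constructed_pki() {
    d=$1; fqdn=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=Constructed CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
        -keyout "$d/tls.key" -out "$d/tls.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$d/san.cnf"
    openssl x509 -req -in "$d/tls.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 90 -extfile "$d/san.cnf" -out "$d/tls.crt" 2>/dev/null
}
```

Run check_domain_tls with your own FQDN and PEM files; omit the fourth argument when the certificate is issued by a public CA and no customCA is set.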
What to do next
- If the adminUser you provided is a user ID that you added and authenticated by using the IBM Cloud account that is associated with the cluster and roksAuthentication was enabled, go to step 2. Otherwise, Configure LDAP authentication and ensure that the adminUser that you provided exists in the LDAP directory.
- Log in to QRadar Suite Software using the domain and the adminUser that you provided during installation. The domain, also known as application URL, can be retrieved by running the following command:
    oc get route isc-route-default --no-headers -n <CP4S_NAMESPACE> | awk '{print $2}'
  Select Enterprise LDAP in the login screen if you are logging in using an LDAP you connected to foundational services, otherwise use OpenShift Authentication if it is enabled.
- Add users to QRadar Suite Software. For more information, see User access, roles, and permissions.
- Configure data sources. For more information, see Universal Data Insights connectors.