Creating an allowlist for air-gapped installation
After you complete an air-gapped installation of IBM Security QRadar® Suite Software, specific IP addresses and URLs must be included in an allowlist at the network layer to enable Threat Intelligence Insights to make requests to IBM® X-Force® Exchange and to access other sites that need to be accessed externally.
QRadar Suite Software requires access to the following URLs.
cp.icr.io
icr.io
registry.redhat.io
registry.access.redhat.com
.quay.io
.docker.io
access.redhat.com
api.openshift.com
.xforce.ibmcloud.com
cdn.walkme.com
www.ibm.com
vms-api.x-force-red.com
.abuseipdb.com
.alienvault.com
.apivoid.com
isc.sans.edu
.intezer.com
.intelligence.mandiant.com
.intelligence.fireeye.com
ibm.tqdemo.com
.threatgrid.com
.virustotal.com
.maxmind.com
geolite.info
.reversinglabs.com
.recordedfuture.com
icr.io
registry.redhat.io
registry.access.redhat.com
.quay.io
.docker.io
access.redhat.com
api.openshift.com
.xforce.ibmcloud.com
cdn.walkme.com
www.ibm.com
vms-api.x-force-red.com
.abuseipdb.com
.alienvault.com
.apivoid.com
isc.sans.edu
.intezer.com
.intelligence.mandiant.com
.intelligence.fireeye.com
ibm.tqdemo.com
.threatgrid.com
.virustotal.com
.maxmind.com
geolite.info
.reversinglabs.com
.recordedfuture.com
QRadar Suite Software in an air-gapped environment also requires access to these IP addresses.
104.17.83.18
104.17.84.18
104.17.84.18
If you configure an SMTP server for IBM Security SOAR email notifications, QRadar Suite Software also requires access the SMTP server and port.