Quick Start Guide

Version 1.10

Note: © Copyright IBM® Corporation 2022, 2023. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, ibm.com®, the IBM logo, are trademarks of IBM Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at Copyright and trademark information (www.ibm.com/legal/copytrade.shtml).

About this task

IBM Security QRadar® Suite Software helps your organization detect and investigate threats, orchestrate and automate actions, and respond faster to security incidents across hybrid multicloud environments.

The QRadar Suite Software platform uses an infrastructure-independent common operating environment that can be installed and run anywhere. It comprises containerized software pre-integrated with the Red Hat® OpenShift® enterprise application platform, which is trusted and certified by thousands of organizations around the world.

The platform can connect disparate data sources to uncover hidden threats and make better risk-based decisions. Securely access IBM and third-party tools to search for threat indicators across any cloud or on-premises location. Connect your workflows with a unified interface so you can respond faster to security incidents.

Your QRadar Suite Software bundle can include the following Guardium® components:
  • IBM Security Guardium Insights is a collaborative, robust data security platform that is designed to help unify and modernize the SOC. It enables you to consolidate visibility across on-premises and cloud databases; retain data security and audit data for years; and use machine learning and analytics to surface key insights, detect anomalous behavior, and uncover hidden threats.
  • IBM Security Guardium Data Protection is a data activity monitoring and compliance reporting solution that is built to protect sensitive data stored across platforms. Guardium Data Protection helps organizations protect their critical data, wherever it is kept, whether on premises or across hybrid multicloud environments.
  • IBM Security Guardium Vulnerability Assessment is a solution that identifies threats and security holes that malicious actors might use to access sensitive data in databases, data warehouses, and big data environments hosted on premises or in hybrid multicloud environments.

The following capabilities are available with QRadar Suite Software.

IBM Security QRadar Suite
IBM Security Guardium Package (software)

Procedure

  1. Requirements

    Ensure that your servers meet the minimum hardware and software requirements for QRadar Suite Software.

    Red Hat OpenShift Container Platform 4.10.X or 4.12.X is a prerequisite for QRadar Suite Software. For more information, see the following topic:

    Storage requirements, hardware, licensing, part numbers, and entitlement for setting up an IBM Security QRadar Suite Software cluster are documented in the following topics:

    Important: Red Hat OpenShift is not a prerequisite for installing the stand-alone IBM QRadar or IBM Security Orchestration, Automation, and Response Platform (SOAR) solutions.
  2. Installation

    After you install Red Hat OpenShift Container Platform, download and install IBM Security QRadar Suite Software. For more information, see Installing IBM Cloud Pak® for Security.

  3. Components

    If you have the appropriate license and entitlement, you can also install the following stand-alone offerings:

    • IBM Security SOAR and SOAR Breach Response
      If you have an Orchestration & Automation license, you can choose between the stand-alone version on a virtual appliance, or the application on QRadar Suite Software:
      • The stand-alone virtual appliance provides the full feature set of IBM Security SOAR Platform. For more information about downloading, installing, and using the stand-alone virtual appliance version of IBM Security SOAR and IBM Security SOAR Breach Response, see SOAR Platform.
      • The application that is integrated on QRadar Suite Software provides most, but not all, of the IBM Security SOAR Platform feature set. For more information, see IBM Security SOAR.

      For information about the license and license keys, see Cloud Pak for Security licensing.

    • IBM QRadar SIEM, NDR, and Data Lake

      IBM QRadar Security Intelligence Platform is an independently installed product and can provide SIEM event analytics, NDR flow analytics, and Data Store. For more information, see IBM QRadar Security Intelligence Platform documentation.

      For information about the license and license keys, see License options.

    • IBM Security Guardium Insights

      Guardium Insights is an independently installed product. For more information, see IBM Security Guardium Insights.

    • IBM Security Guardium Data Protection

      Guardium Data Protection is an independently installed product. For more information, see IBM Security Guardium Data Protection.

      For information about the license and license keys, see Cloud Pak for Security licensing.

    • IBM Security Guardium Vulnerability Assessment

      Guardium Vulnerability Assessment is an independently installed product. For more information, see IBM Security Guardium Vulnerability Assessment.

    • IBM Security QRadar EDR

      QRadar EDR and QRadar EDR Enterprise are independently installed products.

What to do next

More information

For full product documentation, see IBM Cloud Pak for Security.