IBM® Security QRadar® EDR runs on a Red Hat® OpenShift® Container Platform restricted security context constraints (SCC).
Security context constraints
QRadar EDR runs on a Red Hat OpenShift Container Platform restricted security context constraint (SCC). Microservices run with an arbitrary user and cannot run as root or with escalated privileges.
The security context definition for QRadar EDR containers sets the following fields:
privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false runAsNonRoot: true
For more information about SCCs and container security context, see the Red Hat OpenShift Container Platform documentation (https://docs.openshift.com/container-platform/latest/authentication/managing-security-context-constraints.html).