Security considerations

IBM® Security QRadar® EDR runs on a Red Hat® OpenShift® Container Platform restricted security context constraint (SCC).

Security context constraints

QRadar EDR runs on a Red Hat OpenShift Container Platform restricted security context constraint (SCC). Microservices run with an arbitrary user and cannot run as root or with escalated privileges.

The security context definition for QRadar EDR containers sets the following fields:

privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
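
One way to check a running pod against the four settings listed above. This is an added example, not IBM's or Red Hat's code; the pod JSON, the container names and the function name audit_pod are constructed for illustration.

```python
import json

# The four securityContext settings listed above for QRadar EDR containers.
EXPECTED = {
    "privileged": False,
    "readOnlyRootFilesystem": True,
    "allowPrivilegeEscalation": False,
    "runAsNonRoot": True,
}

def audit_pod(pod):
    """Return (container, field, actual) for every setting that deviates."""
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        ctx = c.get("securityContext") or {}
        for field, want in EXPECTED.items():
            actual = ctx.get(field)
            # runAsNonRoot may be inherited from the pod-level securityContext.
            if actual is None and field == "runAsNonRoot":
                actual = pod_ctx.get(field)
            # Kubernetes treats an unset "privileged" as false.
            if actual is None and field == "privileged":
                actual = False
            if actual != want:
                findings.append((c["name"], field, actual))
    return findings

# Constructed sample shaped like `oc get pod <name> -o json`; not a real QRadar EDR pod.
SAMPLE_POD = json.loads("""
{
  "spec": {
    "securityContext": {"runAsNonRoot": true},
    "containers": [
      {"name": "svc-ok",
       "securityContext": {"privileged": false, "readOnlyRootFilesystem": true,
                           "allowPrivilegeEscalation": false}},
      {"name": "svc-drift",
       "securityContext": {"readOnlyRootFilesystem": false, "runAsNonRoot": true}}
    ]
  }
}
""")

if __name__ == "__main__":
    for name, field, actual in audit_pod(SAMPLE_POD):
        print(f"{name}: {field}={actual!r}, expected {EXPECTED[field]!r}")
```

An unset allowPrivilegeEscalation or readOnlyRootFilesystem is reported as a deviation because neither field defaults to the value listed above.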

For more information about SCCs and container security context, see the Red Hat OpenShift Container Platform documentation (https://docs.openshift.com/container-platform/latest/authentication/managing-security-context-constraints.html).