Installation and configuration checklist for QRadar Cloud Visibility
You must be an administrator to install IBM® QRadar® Cloud Visibility. Use the IBM QRadar Extensions Management tool or the IBM QRadar Assistant app to install the QRadar Cloud Visibility app archive on your QRadar appliance.
As you install QRadar Cloud Visibility, review and complete all of the necessary tasks on the installation checklist.
- Review the supported environments. See Supported environments for QRadar Cloud Visibility.
- Ensure that you have an IBM ID. If you don't have one, you can sign up on the IBM Security App Exchange (https://apps.force.ibmcloud.com).
- Install the content extensions for the cloud services that you want to monitor. You can monitor offenses from the AWS, Microsoft Azure, and IBM Cloud services. For more information, see Installing content extensions to use in QRadar Cloud Visibility.
- Install QRadar Cloud Visibility. See Installing QRadar Cloud Visibility.
- Create an authentication token. See Creating an authorized service token for QRadar Cloud Visibility.
- Assign user permissions. See Assigning user capabilities for QRadar Cloud Visibility.
- Add log source types and log sources for cloud service providers. See Configuring cloud service providers to communicate with QRadar Cloud Visibility.
- Use the cloud integration guide to get an overview of the cloud integrations that QRadar supports and which ones are currently installed. Access the guide from the navigation menu.
If you're monitoring Amazon AWS resources, complete the following tasks:
- Install RPMs to use the capabilities on the CloudTrail Log Source tab on the Utilities page or to visualize Amazon VPC Flows. See c_Qapps_CSA_browsers.html#c_qapps_advisor_browsers__section_fhb_5kk_t2b.
- If required, use the configuration wizard to set up Amazon AWS cross-account access, but you can also view the AWS Offense dashboard without setting up AWS accounts. For more information, see Configuring Amazon AWS service to communicate with QRadar Cloud Visibility.
- If required, configure the integration with AWS Security Hub. For more information, see Integrating with AWS Security Hub.
- If required, configure the integration with Amazon Detective. See Integrating with Amazon Detective.
- If required, add a custom event property for GuardDuty FindingIDs. For more information, see Adding a custom event property for the GuardDuty FindingID.
- Configure advanced AWS services for QRadar Cloud Visibility, including log sources. See Utilities for configuring AWS services for QRadar Cloud Visibility.