Business scenarios for using Disconnected Log Collector
Disconnected Log Collector is suitable for a range of business scenarios:
- Secured network zones
  - In high-security unidirectional networks (also known as data diodes), Disconnected Log Collector can use the connectionless UDP protocol to send events to QRadar.
- Managed security service providers (MSSPs)
  - Disconnected Log Collector can be installed on small to medium-sized customer sites and doesn’t rely on a virtual private network (VPN) to send events to the MSSP. Disconnected Log Collector simplifies administration because each instance clearly belongs to a particular customer domain.
- Multi-location businesses
  - In large retailers and other multi-location businesses, each location typically generates only a few events per second, which doesn’t justify the cost of a 15xx Event Collector appliance. Disconnected Log Collector can be installed on a cost-effective Linux® computer or virtual machine, where it can collect and send events to the central security infrastructure.
- IBM QRadar on Cloud deployments
  - For businesses that track only events (not flows or vulnerability scans), Disconnected Log Collector is a lightweight alternative to installing a Data Gateway managed host and doesn’t rely on a VPN to send events to QRadar on Cloud.