Supported environments for QRadar DNS Analyzer

Before you install the IBM® QRadar DNS Analyzer app, ensure that you meet the following requirements.

Restriction: With optimal configurations, the QRadar® DNS Analyzer app V1.2.0 handles a maximum of 200,000 DNS data flows per minute. In a network environment where DNS flow exceeds 200,000 per minute, some of the flows might not be analyzed.

Table 1. Requirements for the QRadar DNS Analyzer installations
Requirement	Details
Supported IBM QRadar versions for 2.0.0 or later	QRadar 7.3.3FP6+ QRadar 7.4.1FP2+ QRadar 7.4.2+
Supported IBM QRadar versions before 2.0.0	QRadar 7.3.0 software update 2 (7.3.0.20170620100024) or later QRadar 7.3.1 Important: QRadar DNS Analyzer app 1.4.0 or later is only supported on QRadar 7.3.2 or later. You must upgrade older versions of the DNS Analyzer app to 1.4.0 before you upgrade QRadar to 7.3.2.
Browsers	The QRadar DNS Analyzer app is supported on Google Chrome and Mozilla Firefox.
Flow source	IBM® QRadar® Network Insights appliance
Log source	Use either of the following log source server. BIND DNS server Infoblox DNS server Microsoft DNS server BlueCat Networks Adonis DNS server Apache Proxy server Squid Proxy server McAfee Web Gateway server Cisco IronPort Web Security Appliance Check Point Firewall Note: The DNS Analyzer app ingests domain request data from both QNI flows and server logs.
Memory (RAM) from the application pool of memory	4 GB
Free storage space from the application pool of storage space.	48 GB Note: Use 64 GB for system optimization.
Network configuration	Port 443 must be open to communicate with X-Force® Exchange.
Performance optimization	Use an App Node appliance to improve the performance of the QRadar DNA Analyzer app.