Minimum system requirements

Before you install the IBM® QRadar® Network Threat Analytics app, ensure that your deployment meets the minimum system requirements.

Table 1. System requirements for the QRadar Network Threat Analytics app
Requirement	Description
Supported QRadar versions	You must have QRadar 7.4.2 or later installed.
QRadar Network Threat Analytics version	You must have at least QRadar Network Threat Analytics 1.1 installed. You cannot upgrade to newer versions of the app from QRadar Network Threat Analytics 1.0.
Flow data	You must ensure that the QRadar deployment has at least one week of continuous flow data before you install the app.
Memory requirements	You must have 4 GB of free memory available for application installations. The combined memory requirements of all apps that are installed on a QRadar Console cannot exceed 10 percent of the total available memory. If you exceed the 10 percent memory allocation, the apps do not run.

Network hierarchy

Before you install the app, ensure that the network hierarchy is accurately defined.

For best results, ensure that you include the Country/Region, Latitude, and Longitude values when you define the network segment.

Image of the QRadar Edit Network window that shows the parameters to define the network hierarchy. — Figure 1. QRadar network hierarchy definition

Network traffic that does not fit within the defined network hierarchy, or traffic that has an IP address that does not have a known geolocation, is grouped together. In the QRadar Network Threat Analytics map view, the traffic appears to originate from a common location, labeled as Unknown location.

If you change the network hierarchy after the app baseline is created, some flows might not match the networks that are defined in the network baseline. These nonmatching flows might be flagged as anomalous. For more information about defining your network hierarchy, see Network hierarchy in the IBM QRadar Administration Guide.

App Hosts

To ensure that QRadar Network Threat Analytics has enough memory to run, install on an App Host. An App Host is a managed host that is dedicated to running apps. It provides extra storage, memory, and CPU resources for your apps without impacting the processing capacity of your QRadar Console. For more information, see App Hosts in the IBM QRadar Administration Guide.

For more information about how to calculate the amount of memory that is used by apps that are installed on the QRadar Console, see the Apps and Resource Limitation (https://www.ibm.com/support/pages/qradar-apps-and-memory-resource-limitation) technote.

Supported browsers

QRadar Network Threat Analytics is supported on the current version of Mozilla Firefox, Google Chrome, and Microsoft Edge.