Minimum system requirements
|Supported QRadar versions||You must have QRadar 7.4.2 or later installed.|
|QRadar Network Threat Analytics version||You must have at least QRadar Network Threat Analytics 1.1 installed. You cannot upgrade to newer versions of the app from QRadar Network Threat Analytics 1.0.|
|Flow data||You must ensure that the QRadar deployment has at least one week of continuous flow data before you install the app.|
|Memory requirements||You must have 4 GB of free memory available for application installations.
The combined memory requirements of all apps that are installed on a QRadar Console cannot exceed 10 percent of the total available memory. If you exceed the 10 percent memory allocation, the apps do not run.
Before you install the app, ensure that the network hierarchy is accurately defined.
Network traffic that does not fit within the defined network hierarchy, or traffic that has an IP address that does not have a known geolocation, is grouped together. In the QRadar Network Threat Analytics map view, the traffic appears to originate from a common location, labeled as Unknown location.
If you change the network hierarchy after the app baseline is created, some flows might not match the networks that are defined in the network baseline. These nonmatching flows might be flagged as anomalous. For more information about defining your network hierarchy, see Network hierarchy in the IBM QRadar Administration Guide.
To ensure that QRadar Network Threat Analytics has enough memory to run, install on an App Host. An App Host is a managed host that is dedicated to running apps. It provides extra storage, memory, and CPU resources for your apps without impacting the processing capacity of your QRadar Console. For more information, see App Hosts in the IBM QRadar Administration Guide.
For more information about how to calculate the amount of memory that is used by apps that are installed on the QRadar Console, see the Apps and Resource Limitation (https://www.ibm.com/support/pages/qradar-apps-and-memory-resource-limitation) technote.
QRadar Network Threat Analytics is supported on the current version of Mozilla Firefox, Google Chrome, and Microsoft Edge.