Encryption

To provide secure data transfer between each of the appliances in your environment, IBM® QRadar® has integrated encryption support that uses OpenSSH. Encryption occurs between managed hosts; therefore, you must have at least one managed host before you can enable encryption.

When encryption is enabled, a secure tunnel is created on the client that initiates the connection, by using an SSH protocol connection. When you enable encryption on a managed host, an SSH tunnel is created for all client applications on the managed host. When you enable encryption on a non-Console managed host, encryption tunnels are automatically created for databases and other support service connections to the Console. To ensure that all data between managed hosts is encrypted, enable encryption.

For example, with encryption enabled on an Event Processor, the connection between the Event Processor and Event Collector is encrypted, and the connection between the Event Processor and Magistrate is encrypted.