IBM QRadar Security Intelligence Platform

Quick Start Guide

Version 7.4.3

This guide gets you started with a typical installation.

To obtain the Quick Start Guide in other languages, print the language-specific PDF from the installation media.

About this task

Product overview

IBM® QRadar® Security Intelligence Platform products provide a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics, and configuration and vulnerability management. This Quick Start Guide provides information about installing IBM QRadar appliances.

Important: If QRadar is already installed on your appliance, use the following rules when you create the root password: Passwords must be at least 5 characters long, contain no spaces, and can contain the following special characters: @, #, ^, and *.
Important: You can use the verify signature tool to validate the integrity of your downloads from IBM Fix Central or Passport Advantage. For more information, see How to verify downloads from IBM Fix Central are trusted and code signed.

Procedure

  1. Access the software and documentation

    Review the release notes for the QRadar component that you want to install.

    Follow the instructions in the Download Document (http://www.ibm.com/support/pages/node/6435171) to download QRadar from IBM Passport Advantage®.

  2. Review front and back panel features

    Review the information about the front and back panel features for appliances to confirm proper connectivity and functionality.

    For more information on front and back panel features for appliances, see the IBM QRadar Hardware Guide.

    On the back panel of each appliance type, the serial connector and Ethernet connectors can be managed by using the Integrated Management Module. For further information on the Integrated Management Module, see the Integrated Management Module User's Guide.

  3. Installation prerequisites

    Ensure that the following requirements are met:

    • The required hardware is installed.
    • A notebook is connected to the serial port on the back of the appliance, or a keyboard and monitor are connected.
    • You are logged in as the root user.
    • You have a valid license key.
      Tip: Contact q1pd@us.ibm.com to acquire a license key. If you are a Cloud Pak for Security customer, you must provide the quantity of QRadar Event Analytics MVS or EPS that you purchased. If you also purchased QRadar Flow Analytics, you must also provide the MVS or FPM quantity.
  4. Installing a QRadar appliance

    For information about QRadar Risk Manager and QRadar Vulnerability Manager licensing, see QRadar Risk Manager and QRadar Vulnerability Manager.

    For information about QRadar Incident Forensics licensing, see QRadar Incident Forensics installation overview.

    1. Mount the QRadar ISO image:
      1. Create the /media/cdrom directory by typing the following command: 
        mkdir /media/cdrom
      2. Mount the QRadar ISO image by typing the following command: 
        mount -o loop <path_to_the_QRadar_ISO> /media/cdrom
    2. To begin the installation, type the following command: 
      /media/cdrom/setup
    3. Select Appliance Install for the appliance type.
    4. Select the appliance type from the list.
    5. For the type of setup, select normal.
    6. Set up the date and time.
    7. Select the IP address type.
    8. In the wizard, enter a fully qualified domain name in the Hostname field.
    9. In the IP address field, enter a static IP address, or use the DHCP-assigned IP address.

      For information about setting IPv6 primary or secondary host, see the IBM QRadar High Availability Guide.

    10. If you do not have an email server, enter localhost in the Email server name field.
    11. Create root and admin passwords. The admin password must meet the minimum length and complexity requirements that are enforced.
    12. Follow the instructions in the installation wizard to complete the installation. The installation process might take several minutes.
  5. Apply your license key
    1. Log in to QRadar as the admin user:

      https://<QRadar_IP_Address>

    2. Click the Admin tab.
    3. Click the System and License Management icon.
    4. Click Upload License, and upload your license key.
    5. Select the license and click Allocate System to License.
    6. From the list of licenses, select a license, and click Allocate License to System.
  6. Get started
    For more information about getting started with your QRadar components, see the following resources:

What to do next

More information

For full product documentation, see the IBM QRadar Security Intelligence Platform IBM Knowledge Center. Download the documentation in PDF format from the Download IBM Security QRadar documentation web page.