QRadar Network Insights installations on Amazon Web Services

You can send your Amazon Web Services (AWS) network traffic to IBM® QRadar® Network Insights for content inspection and monitoring.
To deploy QRadar Network Insights on Amazon Web Services (AWS), follow this procedure:
  1. Review the minimum system requirements.

    Ensure that the instance that you plan to install meets the minimum system requirements.

  2. Use the IBM QRadar SIEM .ami image on AWS Marketplace to install the QRadar components.

    You must install a QRadar Console and a QRadar Network Insights managed host. Other managed hosts, such as flow processors, are optional.

    For information about how to install QRadar components on AWS, see Configuring a QRadar 7.4.3 virtual appliance on Amazon Web Services.

  3. Add the QRadar Network Insights managed host to the QRadar Console.
  4. Configure the flow sources.
  5. Configure a traffic mirroring session.
  6. Verify that the deployment is receiving flow data.

Deployment architecture

The following image shows the traffic flow in a deployment that includes two QRadar Network Insights mirror targets. One QRadar Network Insights instance is used as a flow source for a Flow Processor, while the other instance sends network traffic directly to the QRadar Console.
Figure 1. Example of a QRadar Network Insights deployment on Amazon Web Services
Graphic that shows the mirrored traffic flow in a deployment that has a QRadar Console with one Flow Processor and two QRadar Network Insights hosts attached.