QRadar Network Packet Capture-C 40 GB
New in 7.4.1 IBM® QRadar® Network Packet Capture-C 40 GB (MTM 4654-F3D) offers an optional appliance to store and manage data that is used by QRadar Incident Forensics. Any number of these appliances can be installed as a tap on a network or subnetwork to collect the raw packet data. QRadar Network Packet Capture-C 40 GB is based on the Dell R740xd XL server. Each appliance can support up to three QRadar Network Packet Capture-C Direct Attached Storage (4654-D2S) units. For more information about direct attached storage, see QRadar Network Packet Capture-C Direct Attached Storage.
The following table describes hardware information and requirements for the QRadar Network Packet Capture-C 40 GB appliance:
| Description | Value |
|---|---|
| CPU | 2 x Xeon Gold 6240 20C 2.6 GHz 24 MB Cache 150 W |
| Network capture transceivers |
2 x 40 GbE SR4 QSFP+ transceivers (Finisar FTL410QD2C) Use these transceivers with the network packet capture card, labeled as [3] in the appliance diagram. |
| Network management transceivers |
2 x 10 GbE Short Range SFP+ The transceivers might have one of the following part numbers:
Use these transceivers with the 2 x 10 GbE SFP+ management ports, labeled as [6] in the appliance diagram. |
| Ports |
4 x 10/100/1000 Base-T Ethernet management ports 1 x RJ-45 10/100/1000 Mb Ethernet systems management (IMM) port 2 x 40 GbE SR4 QSFP+ ports (Model NT200A02) 2 x 10 Gbps SFP+ management ports 3 x Direct Attached Storage (DAS) ports |
| Memory | 8 x 16 GB (128 GB) |
| Storage |
12 x 8 TB 7.2 K 12 Gbps 3.5” NLSAS / PERC H740P RAID 5 2 x 1.2 TB 10 K 12 ps 2.5” SAS / PERC H740 GbP RAID 1 |
| Power® supply | Dual redundant 1100 W AC |
| Dimensions | 29.0 inches deep x 17.1 inches wide x 3.4 inches high |
The following image is of the QRadar Network Packet Capture-C 40 GB appliance.
| Label | Description |
|---|---|
| 1 | Event data storage |
| 2 | 1x RJ-45 10/100/1000 Mb Ethernet systems management (IMM) port |
| 3 | 2 x 40 GbE SR4 QSFP+ network capture ports |
| 4 | External RAID DAS ports |
| 5 | Management ports (1 GbE TX) |
| 6 | Management ports (10 GbE SFP+) |
| 7 | QRadar firmware storage |
For information about battery replacement, see Dell EMC PowerEdge R740 Installation and Service Manual (https://topics-cdn.dell.com/pdf/poweredge-r740_owners-manual_en-us.pdf).
QRadar Network Packet Capture-C Direct Attached Storage
New in 7.4.1 As an option you can add the QRadar Network Packet Capture Direct Attached Storage appliance to the QRadar Network Packet Capture-C 40 GB appliance to increase the storage capacity. You can manage both the internal and external storage as a single interface. This helps reduce resource load on the system and enables easier navigation. The QRadar Network PCAP-C Direct Attached Storage appliance is based on the Dell MD1400.
| Description | Value |
|---|---|
| Ports |
4x 12 Gb Mini-SAS |
| Storage |
12 x 8 TB 3.5” RAID 5 (88 TB) |
| Power supply | AC - 600 W |
| Dimensions | 23.3 inches deep x 18.9 inches wide x 3.4 inches high |
The following image is of the QRadar Network PCAP-C Direct Attached Storage appliance.
The QRadar Network Packet Capture-C 40 GB can have up to three QRadar Network PCAP-C Direct Attached Storage storage units connected. The following image is of the QRadar Network Packet Capture-C 40 GB appliance with three QRadar Network PCAP-C Direct Attached Storage appliances that are connected showing the wiring configuration.
Without a DAS unit, the QRadar Network Packet Capture-C 40 GB appliance can capture up to 10 Gbps. Each additional QRadar Network PCAP-C Direct Attached Storage appliance that is connected increases the capture rate by 10 Gbps.