QRadar Incident Forensics installation overview
The security capabilities that are available to you in IBM® QRadar® Incident Forensics depends on the type of installation that have.
For example, in a stand-alone deployment, a single QRadar Incident Forensics Standalone (6100) appliance provides only network forensics capabilities.
In a distributed deployment, a QRadar Incident Forensics Processor (6000) appliance is connected to a QRadar Console (3199) as a managed host, which provides more security capabilities than a stand-alone deployment.
You can also install QRadar Incident Forensics software on your own appliance or on a virtual appliance. QRadar Incident Forensics must be installed on a Red Hat® Enterprise Linux® operating system.
For most installations, you install the QRadar Console, at least one QRadar Incident Forensics Processor, and one or more QRadar Network Packet Capture appliances.