Installing the Investigation Assistant app

Edit online

Before you begin

Note:
  • Only Llama 3.3 (llama-3-3-70b-instruct) is available as the large language model (LLM) in the initial version of Investigation Assistant.
  • You need a bidirectional internet access on port 443.

Before you install the app, ensure that QRadar meets the minimum memory (RAM) requirements. Investigation Assistant requires 500 MB of free memory from the application pool of memory. If Investigation Assistant fails to install, then your application pool does not have enough free memory to run the app. Consider adding an App Node or an App Host to your QRadar deployment. For more information on calculating the required memory, see Apps and Resource Limitation (https://support content.ibm.com/support/pages/apps-and-resource-limitation)

QRadar V7.3.2 or later use an App Host, which is a managed host, that is dedicated to running apps. App Hosts provide extra storage, memory, and CPU resources for your apps without impacting the processing capacity of your QRadar Console. For more information, see App Hosts.

Procedure

  1. Choose one of the following methods to download the app:
    1. If the IBM QRadar Hub app is configured on QRadar, see Downloading apps with the IBM QRadar Hub app to install Investigation Assistant.
    2. If the IBM QRadar Hub app is not configured, download the Investigation Assistant app archive from the IBM Security App Exchange on your local computer. You must have an IBM ID to access the IBM Security App Exchange.
  2. If you downloaded the app from the App Exchange, complete the following steps:
    1. On the QRadar Console, click Admin > Extensions Management.
    2. In the Extension Management window, click Add and select the app archive that you want to upload to the console.
    3. Select the Install immediately checkbox.
      Important: You might have to wait several minutes before your app becomes active.
    4. To preview the contents of the app after it is added and before it is installed, select it from the list of extensions, and click More Details. Expand the folders to view the individual content items in each group.
  3. When the installation is complete, clear your browser cache and refresh the browser window to see the Investigation Assistant tab.