Adding a QRadar Incident Forensics managed host to QRadar Console
For distributed installations, you must add IBM QRadar Incident Forensics Processor as a managed host to the QRadar Console.
A managed host is every non-console QRadar appliance in the deployment. To distribute processing, you can add more than one QRadar Incident Forensics Processor as a managed host.
Before you begin
Procedure
What to do next
You can add an QRadar Network Packet Capture device to the QRadar Incident Forensics Processor. For more information, see Adding packet capture devices to QRadar Incident Forensics hosts.