Adding a QRadar Incident Forensics managed host to QRadar Console
For distributed installations, you must add IBM® QRadar® Incident Forensics Processor as a managed host to the QRadar Console.
A managed host is every non-console QRadar appliance in the deployment. To distribute processing, you can add more than one QRadar Incident Forensics Processor as a managed host.
Before you begin
Log in to QRadar
Console as an
The default user name is admin. The password is the password of the root user account that was entered during the installation.
- On the navigation menu ( ), click Admin.
- In the System Configuration pane, click System and License Management.
- From the host table, click the QRadar Console host, and click .
Enter the information for the QRadar Incident Forensics
Processor appliance and then click
Restriction: Network Address Translation properties are not supported.
- From the Admin tab menu bar, click Deploy Changes.
Refresh your web browser.
The Forensics tab is now visible.
What to do next
You can add an QRadar Network Packet Capture device to the QRadar Incident Forensics Processor. For more information, see Adding packet capture devices to QRadar Incident Forensics hosts.