QRadar Network Packet Capture M7 appliance
QRadar Network Packet Capture (MTM 4723-P1A) offers an optional appliance to store and manage data that is used by QRadar Incident Forensics when no other network packet capture (Network PCAP) device is deployed. Any number of these appliances can be installed as a tap on a network or subnetwork to collect the raw packet data. QRadar Network Packet Capture is based on the Lenovo System SR650 V2 (2U). Each appliance can support up to eight QRadar Network Packet Capture Direct Attached Storage (4563-D1S) units. For more information about direct attached storage, see QRadar Network Packet Capture Direct Attached Storage.
The following table describes hardware information and requirements for the QRadar Network Packet Capture appliance:
Description | Value |
---|---|
CPU | 2 x Gold 6354 18 C 3.0 GHz 205 W |
Network capture transceivers | 2 x SR 10 GbE SFP+; 2 x TX 1 GbE SFP; 2 x SX 1 GbE SFP. Use these transceivers with the network packet capture card, labeled as [6] in the appliance diagram. |
Network management transceivers | Lenovo Dual Rate 10/25 GbE SFP28 Transceiver. The transceivers have the following part numbers: AFBR-735ASMZ-LVX. Use these transceivers with the management ports, labeled as [4] in the appliance diagram. |
Ports | 4 x 10/100/1000 Base-T Ethernet management ports; 1 x RJ-45 10/100/1000 Mb Ethernet systems management (IMM) port; 4 x Network capture ports (SFP/SFP+); 2 x 10/25 GbE SFP28 management ports; 2 x Direct Attached Storage (DAS) ports |
Memory | 128 GB (8 x 16 GB) |
Storage | 88 TB: 12 x 8 TB 3.5" HDD RAID 5, Controller: RAID 940-16i 8 GB NV Cache; and 1 TB HDD: 2 x 1 TB 2.5" HDD RAID 1, Controller: RAID 940-8i 4 GB NV Cache |
Power supply | Dual redundant 1100 W AC |
Dimensions | 30.1 inches deep x 17.5 inches wide x 3.4 inches high |
The following image is of the QRadar Network Packet Capture appliance.
Label | Description |
---|---|
1 | Event data storage |
2 | Management ports (1 GbE TX) |
3 | IMM Port (1 GbE TX) |
4 | Management Ports (10/25 GbE SFP28) |
5 | External RAID DAS Ports |
6 | Network Packet Capture (SFP/SFP+) |
7 | QRadar Firmware Storage |
For information about battery removal, see Removing the coin-cell battery (https://thinksystem.lenovofiles.com/help/index.jsp?topic=%2F7X05%2Fcmos_battery_replacement.html&cp=4_8_8_13&anchor=CMOS_battery_replacement).
QRadar Network Packet Capture Direct Attached Storage
As an option, you can add the QRadar Network Packet Capture Direct Attached Storage (4563-D1S) appliance to the IBM QRadar Network Packet Capture appliance to increase the storage capacity. You can manage both the internal and external storage through a single interface. This helps reduce resource load on the system and enables easier navigation. The QRadar Network Packet Capture Direct Attached Storage appliance is based on the Lenovo D1212.
Description | Value |
---|---|
Ports | 3 x 12 Gb Mini-SAS; 2 x 10/100 MbE management |
Storage | 12 x 8 TB 3.5" RAID 5 (88 TB) |
Power supply | 2 x 580 W AC |
Dimensions | 24.8 inches deep x 17.4 inches wide x 3.4 inches high |
The following image is of the QRadar Network PCAP Direct Attached Storage appliance.
The QRadar Network Packet Capture appliance can have up to eight QRadar Network Packet Capture Direct Attached Storage (4563-D1S) storage units connected in a daisy chain configuration. The following image shows the QRadar Network Packet Capture appliance with a connected QRadar Network PCAP Direct Attached Storage appliance and the wiring configuration.
The QRadar Network Packet Capture appliance can capture at a rate of up to 10 Gbps. Adding QRadar Network PCAP Direct Attached Storage appliances to your Lenovo QRadar Network Packet Capture appliance does not increase the capture rate.