Common ports and servers used by QRadar
IBM QRadar requires that certain ports are ready to receive information from QRadar components and external infrastructure. To ensure that QRadar is using the most recent security information, it also requires access to public servers and RSS feeds.
SSH communication on port 22
All the ports that are used by the QRadar console to communicate with managed hosts can be tunneled, by encryption, through port 22 over SSH.
The console connects to the managed hosts by using an encrypted SSH session to communicate securely. These SSH sessions are initiated from the console to provide data to the managed host. For example, the QRadar Console can initiate multiple SSH sessions to the Event Processor appliances for secure communication. This communication can include tunneled ports over SSH, such as HTTPS data for port 443 and Ariel query data for port 32006. IBM QRadar Flow Collector that use encryption can initiate SSH sessions to Flow Processor appliances that require data.
Open ports that are not required by QRadar
- When you install QRadar on your own hardware, you might see open ports that are used by services, daemons, and programs included in Red Hat Enterprise Linux®.
- When you mount or export a network file share, you might see dynamically assigned ports that are
required for RPC services, such as
rpc.mountd
andrpc.rquotad
.