Configure an IBM QRadar SIEM Console on an Oracle Cloud instance by using the Oracle Cloud image on Fix Central.
Before you begin
You must acquire entitlement to a QRadar Software Node before you deploy the QRadar instance.
To acquire entitlement to a QRadar Software Node, contact your QRadar Sales Representative.
For any issues with QRadar software, engage IBM Support. If you experience any problems with Oracle Cloud infrastructure, refer to Oracle Cloud documentation. If IBM Support determines that your issue is caused by the Oracle Cloud infrastructure, you must contact Oracle Cloud for support to resolve the underlying issue with the Oracle Cloud infrastructure.
About this task
If you are installing a data gateway for QRadar on Cloud, go to Installing a QRadar data gateway in Oracle Cloud.
You must use static IP addresses.
You cannot have more than two DNS entries. QRadar installation fails if you have more than two DNS entries in the /etc/resolv.conf file.
Do not make any configuration changes, such as adding extra DNS entries, until after QRadar installation is complete.
If you deploy a managed host and a Console in the same virtual network, use the private IP address of the managed host to add it to the Console.
If you deploy a managed host and a Console in different virtual networks, you must allow firewall rules for the communication between the Console and the managed host. For more information, see QRadar port usage.
Procedure
- Download the image file.
- Go to the CLOUD MARKET PLACE section of Fix Central (https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=all).
- Click 7.4.1-CMP-OracleCloud-CONSOLE-QRADAR-20220811114721.
- Download the image and .sig files.
The image file download can take several hours.
- Use the .sig file to verify the integrity of the image file.
- Upload the image file.
- Go to Oracle Cloud (https://www.oracle.com/ca-en/cloud/) and create a new storage bucket.
- Upload the file.
The upload can take up to an hour. Do not rename the image file. Renaming the file causes the import to fail.
- Import the image.
- In Oracle Cloud, click .
- Select a Compartment.
- Click Import Image.
- Enter a name for the image.
- Select Linux as the Operating system.
- Select Import from an Object Storage Bucket.
- Select the bucket that you uploaded the image file to from step 2.
- Select the image file that you uploaded from step 2.
- Select OCI for the image type.
- Click Import Image.
- When the image is created, click Create Instance.
- Give your instance a name that is no longer than 58 characters. The name can contain only alphanumeric characters and the - symbol.
- Select a compartment for the instance.
- Select an availability domain for the instance.
- Select a shape that meets the minimum system requirements.
- Click Change Shape.
- Click Virtual machine as the Instance type.
- Select any shape from the AMD, Intel, or Specialty and previous generation shape series that meets the system requirements for virtual appliances.
Important: Instances that contain extra storage drives are not supported.
For more information, see the IBM QRadar Installation Guide.
- Configure networking for the instance.
- Select a virtual cloud network compartment.
- Select a virtual cloud network.
- Select a subnet.
- Select Assign a public IPv4 address.
- Under Show Advanced Options, check Use network security groups to control traffic.
- Select a security group that allows port 22, and port 443 for a QRadar Console, to create an allowlist of trusted IP addresses that can access your QRadar deployment. In a QRadar deployment with multiple appliances, other ports might also be allowed between managed hosts. For more information about what ports might need to be allowed in your deployment, see Common ports and servers that are used by QRadar.
- Add or generate an SSH key pair.
- Click Create.
- Add a second disk to your instance for storage.
- Go to and click Create Block Volume.
- Name the volume and enter a size in GB.
The minimum size is 250 GiB. The added disk must be the second disk. It cannot be the third or greater disk. When the installation is complete, this disk contains the /store and /transient partitions.
Warning: It is not possible to increase storage after installation.
- Select the same compartment that your instance was created in.
- Click Create Block Volume.
- Go to and select your instance.
- Click Attached Block Volumes.
- Click Attach Block Volume.
- Select your block volume from the drop-down menu, then select Paravirtualized as the attachment type.
- Click Attach.
- When the instance is ready, log in using the private key from your key pair.
ssh -i <private_key_file> cloud-user@<public_IP_address>
- Type the following command to install the console:
- Enter a password for the admin account. Set a strong password that meets the following criteria:
- Contains at least 5 characters.
- Contains no spaces.
- Includes one or more of the following special characters: @, #, ^, and *.
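The constraints stated in this procedure (at most two DNS entries in /etc/resolv.conf, an instance name of no more than 58 alphanumeric or - characters, and exactly one added disk of at least 250 GiB as the second disk) can be checked before the installer is started. The following script is an added example, not IBM code; the function names are hypothetical, and it assumes that lsblk lists disks in device order so that the attached block volume is the second disk line.

```shell
#!/bin/sh
# Added example (not IBM code). Function names are hypothetical.
export LC_ALL=C
MIN_BYTES=$((250 * 1024 * 1024 * 1024))   # 250 GiB minimum for the second disk

# Count active "nameserver" lines in a resolv.conf-style file (comments ignored).
count_nameservers() {
    awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$1"
}

# Pass when the file has at most two DNS entries; more makes the install fail.
check_dns() {
    [ "$(count_nameservers "$1")" -le 2 ]
}

# Instance name: non-empty, at most 58 characters, alphanumerics and "-" only.
check_instance_name() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 58 ]
}

# Reads "NAME SIZE TYPE" lines (lsblk -b -d -n -o NAME,SIZE,TYPE) on stdin.
# Pass when there are exactly two disks and the second is at least 250 GiB.
# Assumption: disks are listed in device order (boot disk first).
check_disks() {
    awk -v min="$MIN_BYTES" '
        $3 == "disk" { n++; if (n == 2) size = $2 }
        END { exit !(n == 2 && size >= min) }'
}

# Run on the instance after the block volume is attached, before the installer.
preflight() {
    rc=0
    check_dns /etc/resolv.conf || { echo "FAIL: more than two DNS entries"; rc=1; }
    lsblk -b -d -n -o NAME,SIZE,TYPE | check_disks ||
        { echo "FAIL: need exactly two disks, second >= 250 GiB"; rc=1; }
    return "$rc"
}
```

Source the script and run preflight on the instance; check_instance_name can be run on a workstation before the instance is created.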
What to do next
If you removed any DNS entries in /etc/resolv.conf, restore them.
The QRadar instance uses Coordinated Universal Time (UTC). You can change the time zone of the instance. For more information about changing the time zone, see IBM QRadar Administration Guide.
This image does not receive automatic software upgrades. You must manually upgrade your system to keep it up to date. To receive QRadar upgrade notifications, see IBM QRadar Upgrade Guide.