IBM QRadar Security Intelligence Platform
Quick Start Guide
To obtain the Quick Start Guide in other languages, print the language-specific PDF from the installation media.
About this task
IBM QRadar Security Intelligence Platform provides a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics, and configuration and vulnerability management.
Procedure
-
Access the software and documentation
Review the release notes for the QRadar component that you want to install.
Follow the instructions in the Download Document (https://supportcontent.ibm.com/support/pages/downloading-ibm-qradar-v750) to download QRadar from IBM® Passport Advantage®.
Tips: If QRadar is already installed on your appliance, use the following rules when you create the root password:- At least 5 characters long
- Contains no spaces
- Can contain the following special characters: @, #, ^, and *
-
Ensure that the following requirements are met:
- The required hardware is installed.
- A notebook is connected to the serial port on the back of the appliance, or a keyboard and monitor are connected.
- You are logged in as the root user.
- You have a valid license key. Tip: Contact q1pd@us.ibm.com to acquire a license key. If you are a Cloud Pak for Security customer, you must provide the quantity of QRadar Event Analytics MVS or EPS that you purchased. If you also purchased QRadar Flow Analytics, you must also provide the MVS or FPM quantity.
-
Review front and back panel features
Review the information about the front and back panel features for appliances to confirm proper connectivity and functionality. For more information about front and back panel features for appliances, see the IBM QRadar Hardware Guide.
You can manage the serial connector and Ethernet connectors on the back panel of each appliance by using the Integrated Management Module. For more information about the Integrated Management Module, see the Integrated Management Module User's Guide.
-
Installation prerequisites
Ensure that the following requirements are met:
- The required hardware is installed.
- A notebook is connected to the serial port on the back of the appliance, or a keyboard and monitor are connected.
- You are logged in as the root user.
- You have a valid license key. For more information about QRadar Risk Manager and QRadar Vulnerability Manager licensing, see QRadar Risk Manager and QRadar Vulnerability Manager.Important: The IBM QRadar Vulnerability Manager scanner is end of life (EOL) in 7.5.0 Update Package 6, and is no longer supported in any version of IBM QRadar. For more information, see QRadar Vulnerability Manager: End of service product notification (https://www.ibm.com/support/pages/node/6853425).
For more information about QRadar Incident Forensics licensing, see QRadar Incident Forensics installation overview.
Tip: Contact q1pd@us.ibm.com to acquire a license key. If you are a Cloud Pak for Security customer, you must provide the quantity of QRadar Event Analytics MVS or EPS that you purchased. If you also purchased QRadar Flow Analytics, you must also provide the MVS or FPM quantity.
-
Install the QRadar
appliance.
- Mount the QRadar ISO
image:
- Create the /media/cdrom directory by typing the following command:
mkdir /media/cdrom
- Mount the QRadar ISO
image by typing the following command:
mount -o loop <path_to_the_QRadar_ISO> /media/cdrom
- Create the /media/cdrom directory by typing the following command:
- To begin the installation, type the following command:
/media/cdrom/setup
- Select Appliance Install for the appliance type.
- Select the appliance type from the list.
- For the type of setup, select Normal.
- Configure the date and time.
- Select the IP address type.
- In the wizard, enter a fully qualified domain name in the Hostname field.
- In the IP address field, enter a static IP address, or use the
DHCP-assigned IP address.
For more information about setting IPv6 primary or secondary host, see the IBM QRadar High Availability Guide.
- If you do not have an email server, enter localhost in the Email server name field.
- Create root and admin passwords. The admin password must meet the minimum length and complexity requirements that are enforced.
- Follow the instructions in the installation wizard to complete the installation. The installation process might take several minutes.
- Mount the QRadar ISO
image:
-
Apply your license key
- Log in to QRadar as the
admin user:
https://<QRadar_IP_Address>
- Click the Admin tab.
- Click the System and License Management icon.
- Click Upload License, and upload your license key.
- Select the license and click Allocate System to License.
- From the list of licenses, select a license, and click Allocate License to System.
- Log in to QRadar as the
admin user:
-
Get started with QRadar
components.
QRadar comprises many components and apps. For more information about QRadar components, see the following resources:
What to do next
For full product documentation, see the IBM QRadar Security Intelligence Platform IBM Knowledge Center. Download the documentation in PDF format from the Download IBM Security QRadar documentation web page.