After you create your virtual machine, you must install the IBM QRadar software on the virtual machine.
Before you begin
Create a virtual machine. For more information, see Creating your virtual machine.
Determine if you need to do an appliance installation or a software installation. For more information about appliance installations and software installations, see Virtual appliance installations.
For a software installation, you must install Red Hat® Enterprise Linux® (RHEL) before you install QRadar. For more information about installing RHEL for QRadar, see Installing RHEL on your system.
Procedure
- FIPS installation only: On the Red Hat Enterprise Linux 7.9 start menu, press Tab to edit the vmlinuz line.
- FIPS installation only: Add qradar.fips=1 to the vmlinuz line and press Enter. The result might look similar to this example:
  vmlinuz initrd=initrd.img inst.stage2=hd:LABEL=QRadar-2020_11_0_20201210153453 quiet inst.text inst.gpt inst.ks=hd:LABEL=QRadar-2020_11_0_20201210153452 console=ttyS0,9600 console=tty1 qradar.fips=1
- Log in to the virtual machine by typing root for the user name.
  The user name is case-sensitive.
- Accept the End User License Agreement.
- Select the appliance type:
  - Non-Software Appliance for an appliance installation.
  - Software Appliance for a software installation.
- Select the appliance assignment, and then select Next.
- If you selected an appliance for high-availability (HA), select whether the appliance is a console.
- For the type of setup, select Normal Setup (default) or HA Recovery Setup, and set up the time.
- If you selected HA Recovery Setup, enter the cluster virtual IP address.
- Select the Internet Protocol version: ipv4 or ipv6.
- If you selected ipv6, select manual or auto for the Configuration type.
- Select the bonded interface setup, if required.
- Select the management interface.
- In the wizard, enter a fully qualified domain name in the Hostname field.
  Important:
  - The hostname must not contain only numbers.
  - The console and managed host (MH) cannot have the same hostname.
- In the IP address field, enter a static IP address, or use the assigned IP address.
  Important: If you are configuring this host as a primary host for a high availability (HA) cluster, and you selected Yes for auto-configure, you must record the automatically generated IP address. The generated IP address is entered during HA configuration.
  For more information, see the IBM Security QRadar High Availability Guide.
- If you do not have an email server, enter localhost in the Email server name field.
- Enter root and admin passwords that meet the following criteria:
  - Contains at least 5 characters
  - Contains no spaces
  - Can include the following special characters: @, #, ^, and *.
- Click Finish.
- Follow the instructions in the installation wizard to complete the installation.
  The installation process might take several minutes. When the installation is complete, if you are installing a QRadar Console, proceed to step 18. If you are installing a managed host, proceed to Adding your virtual appliance to your deployment.
- Apply your license key.
  - Log in to QRadar:
    https://QRadar_IP_Address
  - Click Login.
  - On the navigation menu, click Admin.
  - In the navigation pane, click System Configuration.
  - Click the System and License Management icon.
  - From the Display list box, select Licenses, and upload your license key.
  - Select the unallocated license and click Allocate System to License.
  - From the list of systems, select a system, and click Allocate System to License.
- FIPS installation only: Verify that FIPS mode is enabled by typing the following command:
  /opt/qradar/bin/myver -fips
  The output is 'true' on a FIPS mode enabled system and 'false' when FIPS mode is not enabled. If the result is false, try to reinstall with FIPS mode enabled.
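The following script is an added example, not IBM code: it checks the hostname and password values the wizard asks for against the rules in this procedure, and wraps the FIPS verification step so that it returns an exit status. The function names are assumptions; the only QRadar command used is `/opt/qradar/bin/myver -fips` from the last step.

```shell
#!/bin/sh
# Added example (not IBM code): checks for values this procedure asks for.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Hostname step. $1 = hostname for this host, $2 = console hostname (optional).
check_hostname() {
    host=$1; console=${2:-}
    label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    # Fully qualified: at least two dot-separated labels.
    printf '%s\n' "$host" | grep -Eq "^${label}(\.${label})+\$" ||
        { echo "not a fully qualified domain name"; return 1; }
    # "Must not contain only numbers", read here as: only digits once dots are removed.
    case $(printf '%s' "$host" | tr -d '.') in
        *[!0-9]*) ;;
        *) echo "hostname contains only numbers"; return 1 ;;
    esac
    # Console and managed host cannot share a hostname (DNS names ignore case).
    if [ -n "$console" ] && [ "$(lower "$host")" = "$(lower "$console")" ]; then
        echo "same hostname as the console"; return 1
    fi
    return 0
}

# Password step: at least 5 characters and no spaces. Special characters are
# not checked, because the procedure only lists ones that can be included.
check_password() {
    pw=$1
    [ "${#pw}" -ge 5 ] || { echo "fewer than 5 characters"; return 1; }
    case $pw in *" "*) echo "contains a space"; return 1 ;; esac
    return 0
}

# FIPS step: returns 0 for 'true', 1 for 'false', 2 if the answer is unknown.
# $1 overrides the myver path (assumption: useful for testing with a stub).
check_fips() {
    myver=${1:-/opt/qradar/bin/myver}
    command -v "$myver" >/dev/null 2>&1 || { echo "myver not found: $myver"; return 2; }
    out=$("$myver" -fips 2>/dev/null | tr -d "[:space:]'")
    case $out in
        true)  echo "FIPS mode enabled"; return 0 ;;
        false) echo "FIPS mode not enabled; reinstall with qradar.fips=1"; return 1 ;;
        *)     echo "unexpected output from myver -fips"; return 2 ;;
    esac
}

# "sh <this file> fips" runs the FIPS check on the installed host.
if [ "${1:-}" = "fips" ]; then check_fips; fi
```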
What to do next
FIPS installation only
- Migrate to Docker-EE. For more information, see Migrating to Docker Enterprise Edition with FIPS.
- Update the cryptographic modules. For more information, see Updating cryptographic modules for FIPS.
- Installing the QRadar® Log Source Management app (https://www.ibm.com/docs/en/SS42VS_SHR/com.ibm.lsmapp.doc/c_Qapps_LSM_intro.HTML).