QRadar EDR system requirements

You must install IBM® Security QRadar® EDR on a Red Hat® OpenShift® Container Platform cluster. To make sure that QRadar EDR works correctly, you must meet or exceed the minimum requirements on your Red Hat OpenShift Container Platform cluster. You can install QRadar EDR on a self-managed cluster (Bare metal, KVM, or VSphere) or a cluster supported by cloud providers.

Important: These requirements are for one instance of QRadar EDR running on Red Hat OpenShift Container Platform. Do not install anything other than QRadar EDR on your cluster.

Network requirements

Red Hat OpenShift Container Platform must have access to the URLs listed in Configuring your firewall for OpenShift Container Platform.

QRadar EDR requires access to the following URLs.

cp.icr.io
icr.io
registry.redhat.io
registry.access.redhat.com
.quay.io
.docker.io
access.redhat.com
api.openshift.com
www.ibm.com
cdn.reaqta.cloud
feeder.reaqta.io

You can install QRadar EDR on a cluster that uses a cluster-wide HTTPS proxy. For more information about setting up a cluster-wide proxy, see Configuring a cluster-wide HTTPS proxy.

Supported cloud providers

QRadar EDR deployment is verified on the following cloud managed Red Hat OpenShift Container Platform clusters.
Amazon Web Services
VMware
Important: If you are using VMWare clusters that are hosted on multiple ESXi hosts, your storage must be shared between those hosts.
To deploy QRadar EDR on VMWare, the following requirements must be met:
  • VMware vSphere version 7.0 Update 2 or later
  • vCenter 7.0 Update 2 or later
  • Virtual machines of hardware version 15 or later
Important: Deploying QRadar EDR alongside existing anti-virus solutions might cause technical issues. The configuration must be thoroughly tested before production.