IBM Support

QRadar: Does QRadar store data in an encrypted form

Question & Answer


Does QRadar store data in an encrypted form?


However, event data in QRadar® is not encrypted when stored, there are a number of things that can be done to protect data that is stored on the system:
  • The /store or /store/ariel partitions can be placed on an external device, which uses transparent (to QRadar) cryptography. To see how to use Offboard storage, see the QRadar Offboard Storage Guide, for the version of QRadar you are using.
  • Another alternative for sensitive data can be obfuscated. This process identifies certain data in events, by using regular expressions, and encrypts them to an obfuscated value. More information on data obfuscation is available in the QRadar Administration Guide, for the version of QRadar you are using.
  • Finally, event data might be protected from tampering by the use of event hashing. Event hashing is discussed in the QRadar Administration Guide under the Configuring system settings section of the Set up QRadar SIEM chapter.
Note: To set up encryption on the storage, see the documentation for your storage solution.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Log Activity","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.x;7.2.8","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
10 February 2021