Question & Answer
What is the performance impact of using HMAC, and how does QRadar handle key management?
The performance overhead of writing file hashes for events and flow data validation negligible, regardless of the HMAC encryption option selected. HMAC is no more expensive than the default options supported by QRadar previously. When enabled, HMAC keys are added to new events and flows as they are written to disk. When administrators run an integrity check, the check might take time to complete depending on the amount of data being validated. Integrity checks do not cause performance issues, assuming the system is not at maximum load for disk input.
From more information on HMAC, refer to the section Enabling hashes for event and flow data in the QRadar Administration Guide.
Was this topic helpful?
12 February 2021