IBM Support

QRadar: Enabling hashes for data integrity checks and system performance

Question & Answer


Question

What is the performance impact of using HMAC, and how does QRadar handle key management?

Answer

The performance overhead of writing file hashes for events and flow data validation negligible, regardless of the HMAC encryption option selected. HMAC is no more expensive than the default options supported by QRadar previously. When enabled, HMAC keys are added to new events and flows as they are written to disk. When administrators run an integrity check, the check might take time to complete depending on the amount of data being validated. Integrity checks do not cause performance issues, assuming the system is not at maximum load for disk input.

From more information on HMAC, refer to the section Enabling hashes for event and flow data in the QRadar Administration Guide.

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Admin Console","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"7.3.1;7.3;7.2.8;7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
12 February 2021

UID

swg21965783