IBM Support

QRadar: Various ISOs available for rebuilding PCAP, QRIF, and QNI appliances

Question & Answer


There are a number of different ISO images available. How can we identify which ISO we need to use?


Due to export regulations, we are not allowed to package Forensics technology in the QRadar ISO. This was the main driver behind having a separate ISO for Forensics. The Forensics ISO is the QRadar ISO repackaged to include the Forensics RPMs.

  • The main ISO files can be used for QRadar SIEM, QRM, and QVM installations.
  • As explained, due to export regulations, a separate ISO file is provided for QRadar Incident Forensics (QRIF) and QRadar Network Insight (QNI) installations.
  • QRadar PCAP product has one ISO file for the main PCAP appliance.
  • QRadar PCAP product has another ISO file for the PCAP data node.
  • QRadar PCAP product also has a separate 1G Software Installs file, which is not an ISO but an sfs that is intended to be used with your own RHEL OS installation.
  • The Network Capture product that can also integrate with QRIF (but not as a Managed host) has its own installation medium. Contact IBM Support for more information.

Installation instructions for these products are available at IBM Knowledge Center.

Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Installation","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018