Hello Everyone,

I had a request today from the AWS Cloud team to see if they can spin up a STIGed VM in AWS Cloud with RHEL 7.9 on it that we can then install QRadar on top of. This would be instead of what is available on Amazon Marketplace for QRadar. I haven’t heard of that before so I wanted to check if it is feasible as I haven’t found any documentation on that.

The other thing is that even if we install it on top of a STIGed VM, it will still get unSTIGed when we manually install QRadar on it and then we would have to manually STIG it again as it would nullify what they are trying to accomplish.

I will note that at the moment, no QRadar versions I'm aware of use RHEL 7.9 (yet). The latest version we support for QRadar installs in RHEL 7.6 or 7.7 depending on the QRadar version you want to install.

I talked with development on this question and it is not supported. A QRadar install on top of an already STIG'd RHEL is likely to fail with a variety of permissions errors. While it is technically feasible to start with a vanilla RHEL, install QRadar, then apply QRadar's STIG scripts, IBM does not support for 'software' installs in cloud.

All QRadar software versions are tested against their underlying version and trying to install QRadar latest on RHEL 7.9 with on-prem or Cloud will experience issues as we look for specific packages at tested versions.

That's what I was thinking as well. Thanks for confirming it for me Jonathan!