IBM QRadar

  • 1.  Separating cold and hot data

    Posted Tue September 07, 2021 08:09 AM

    Hi! Please help us with the right organization of storage. Separate storage is necessary for current information and historical information. We want to store historical information (events and flows) on slow media and be able to unpack it for analysis only if necessary. The total archive depth needed is 1 year (3 months of current logs and 9 months of historical ones). Which solutions or backup (and restore) procedures are available? As I understand it, we need to set 3-month retention for data (events and flows) and 9-month backup retention. Backups will be stored in /store/backup, from which we can move backup files to our internal storage? But will every backup contain previously backed-up data?



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Separating cold and hot data

    Posted Tue September 07, 2021 09:24 AM

    Data backups are incremental.

    See this: https://www.ibm.com/support/pages/backup-files-ibm-security-qradar-appliances-11xx-12xx-13xx-15xx

    Look for off-board storage for /store/backup options to store backup data/config.

    https://www.ibm.com/docs/en/SS42VS_7.4/pdf/b_offboard_storage.pdf



    #QRadar
    #Support
    #SupportMigration