IBM QRadar

  • 1.  Terraform Based Deployment in AWS

    Posted Tue October 24, 2023 08:21 AM

    Dear QRadar Community Group, 

    I am looking to deploy a BYOL QRadar instance in our AWS environment but would prefer to do so using Terraform as opposed to deploying from the Marketplace using the AWS console. 

    Has anyone tried this before and are there any guidelines or is it just a matter of obtaining the relevant AMI id and launching an EC2 instance?

    Regards,

    Cossy



    ------------------------------
    Cossy Cosmas
    ------------------------------


  • 2.  RE: Terraform Based Deployment in AWS

    Posted Thu October 26, 2023 11:50 AM

    I know I've seen this question come through as a support case in the past and development did not have a template for Terraform to provide to users. I've heard that some users have created snippets or templates, but have not seen any myself. The last time I saw this question, development said it would be on the end user to create the template as they did not have anything to provide.

    If anyone has done this, it would be good to share. I took a look at the /r/QRadar subreddit too, but did not find anything relevant to this discussion. Might not be a bad idea to raise visibility to the question in the subreddit as it gets a lot of traffic. Not the answer you were looking for, but I did want to confirm that we've seen these questions before and there is no official template that can be provided, but it is possible to use Terraform to install QRadar. 



    ------------------------------
    Jonathan Pechta
    QRadar Support Content Lead
    Support forums: ibm.biz/qradarforums
    jonathan.pechta1@ibm.com
    ------------------------------



  • 3.  RE: Terraform Based Deployment in AWS

    Posted Thu October 26, 2023 12:55 PM


    Hi Jonathan, 

    Thanks for taking the time to reply. 

    I decided to use the following template from AWS, simply populating the missing attributes (for things like EC2 instance type, subnet id, security groups, disk volume size, etc.): 

    "git::https://github.com/terraform-aws-modules/terraform-aws-ec2-instance.git?ref=v5.5.0"

    The SIEM server has been deployed in our non-live environment although we haven't executed the "sudo /root/setup <appliance_id>", as we are waiting to be guided by our security team that have deployed this in other parts of our corporate network. 
     
    Regards,
    Cossy 



    ------------------------------
    Cossy Cosmas
    ------------------------------
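
The approach described in post 3, sketched as an added example (not the poster's configuration and not an IBM-provided template): a call to the same module at `v5.5.0`, filling in the attributes the post lists. All variable names and the `name`/`tags` values are hypothetical, the AMI id is a placeholder to be supplied per region, and the private-only address, IMDSv2 and encrypted-volume settings are hardening choices assumed here rather than documented QRadar requirements.

```hcl
# Added example. Variable names are hypothetical; no value here comes from IBM.
variable "qradar_ami_id" {
  type        = string
  description = "BYOL QRadar AMI id for your region (placeholder, supply your own)"
  validation {
    # Reject typos before Terraform ever calls the EC2 API.
    condition     = can(regex("^ami-[0-9a-f]{8,17}$", var.qradar_ami_id))
    error_message = "qradar_ami_id must look like ami-xxxxxxxx."
  }
}
variable "instance_type" { type = string }
variable "subnet_id" { type = string }
variable "security_group_ids" { type = list(string) }
variable "root_volume_gb" { type = number }

module "qradar" {
  # Same source string as in the post; the tag pins the module version.
  source = "git::https://github.com/terraform-aws-modules/terraform-aws-ec2-instance.git?ref=v5.5.0"

  name                   = "qradar-nonlive" # constructed name
  ami                    = var.qradar_ami_id
  instance_type          = var.instance_type
  subnet_id              = var.subnet_id
  vpc_security_group_ids = var.security_group_ids

  # Assumption: the SIEM sits in a private subnet and is reached internally.
  associate_public_ip_address = false

  # Assumption: require IMDSv2 session tokens; confirm your QRadar build works with it.
  metadata_options = {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Encrypt the root volume, since it will hold collected log data.
  root_block_device = [{
    encrypted   = true
    volume_type = "gp3"
    volume_size = var.root_volume_gb
  }]

  tags = { Role = "siem" } # constructed tag
}

output "qradar_private_ip" {
  value = module.qradar.private_ip
}
```

This only launches the instance; the `sudo /root/setup <appliance_id>` step mentioned in the post is still run on the host afterwards.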