FAQ: Deploying QRadar Event Collectors in Microsoft Azure

By Wendy Willner posted Wed September 22, 2021 05:08 AM

  

Hi QRadar Community,

 My teammate Rory Bray and I recently spent some time with a QRadar user who was preparing to add an Event Collector in hosted Azure to an existing On-Prem QRadar Environment for the first time.

 See below for some of the questions we discussed in this session, which we often discuss with QRadar users leveraging the Azure Marketplace for the first time (here).





1. Is it easy to deploy an Event Collector in Azure and do many QRadar Users leverage IBM Security’s Cloud Images?

 Yes! Many QRadar customers have Event Collectors as well as Event Processors and Consoles in Azure! No, it is not difficult to deploy Event Collectors in Azure.


2. I see that the QRadar Image on the Azure Marketplace is not the latest version of QRadar. What should I do?

 If, at the time of your install, the QRadar image on the Azure Marketplace is not the latest version or your desired image, please follow these steps:
  1. Deploy your image in Azure.
  2. Install the QRadar Software on your Event Collector.
  3. Upgrade or patch it to the desired version (here).
  4. Connect the new managed host to your QRadar deployment (here).

 

3. What size Azure Virtual Machine Instance should I use for my event?

Please use the following procedure:
  1. Review the sizing guidance for your needed requirements on the IBM Documentation (here).
  2. Choose the Azure instance that is optimized for the number of cores that are specified by the IBM Documentation. It is possible that your chosen images have more memory.
  3. Managed SSD is preferred for the drive type.
  • NOTE: Oftentimes QRadar users have success with the “F Series” Images.

 
4. How do I connect my Cloud Based Event Collector to an on-prem QRadar Deployment?

 
Connect your Event Collector to your on-prem QRadar deployment using SSH. It is then recommended to add another layer of protection, such as a VPN, to protect the connection.

 

Hope this was helpful! Looking forward to adding additional questions. If you have questions that you would like to see added to this post, please send me an email (Wendy.Willner@ibm.com). 

Thanks,

Wendy
