IBM Security QRadar Community Edition is now released in a virtualization appliance format (OVA), which enables rapid access to the market-leading SIEM for home, development and lab use cases. Community Edition is a free and fully featured version of QRadar that is low memory, low EPS, and includes a perpetual license. This version is limited to 50 events per second and 5,000 network flows a minute. It supports apps, but is based on a smaller footprint for non-enterprise use.
Research the following areas before you begin for the best experience.
Tip #1: Read the QCE Installation Document
Before you begin, download and read the installation document in its entirety. Understanding the system and networking requirements will save time later in the install process. In previous versions of Community Edition, the software was packaged as an ISO and was set up as part of the Operating System installation. With the packaging of the updated Community Edition as an OVA file, installation begins with the Import function in your virtualization platform.
Tip #2: Understand the OVA format
The OVA format delivers a preinstalled and configured image with a base operating system of CentOS 7.5 and comes bundled with the QRadar Community Edition ISO. With just one file to download and no underlying operating system configuration, setup is as simple as running a single command from the command line. With this update, there is a slight change in where and how you set your configurations.
Tip #3: Choose the correct virtualization product for your need
Before you begin installation, research the virtualization platform that will best suit the needs of your environment. You should select a platform that will satisfy the following criteria for easy install:
Tip #4: Download the OVA in the correct format
Ensure that the downloaded file is saved in the correct format, as an OVA. If the file is downloaded as anything other than an OVA, set the file format to 'All files' in the browser as the default.
Tip #5: Validate the Checksum of the Download
Download the provided SHA-256 checksum value and use it to verify the integrity of the OVA download. The following are some commands used to validate the OVA checksum value for various operating systems:
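One way to run this check from a POSIX shell on Linux or macOS, shown as an added example rather than commands from the original page. The helper names `sha256_of` and `verify_ova` and the file names in the usage line are hypothetical. The script uses whichever of `sha256sum`, `shasum` or `openssl` is installed and rejects a malformed expected value instead of comparing against it.

```sh
#!/bin/sh
# Added example: verify a downloaded OVA against its published SHA-256 value.

# Print the lowercase SHA-256 hex digest of file $1 with whichever tool exists.
# Reading from stdin keeps the file name out of the tool's output.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then    # most Linux systems
        sha256sum < "$1"
    elif command -v shasum >/dev/null 2>&1; then     # macOS
        shasum -a 256 < "$1"
    else                                             # fallback: OpenSSL
        openssl dgst -sha256 -r < "$1"
    fi | awk '{print $1}' | tr '[:upper:]' '[:lower:]'
}

# verify_ova FILE EXPECTED
#   EXPECTED is a 64-character hex digest, or a checksum file whose first
#   field is the digest ("<digest>  <name>" layout).
# Returns 0 on match, 1 on mismatch, 2 when an input is unusable.
verify_ova() {
    _file=$1 _want=$2
    [ -r "$_file" ] || { echo "cannot read: $_file" >&2; return 2; }
    # Accept a checksum file in place of a literal digest.
    if [ -f "$_want" ]; then
        _want=$(awk 'NF {print $1; exit}' "$_want")
    fi
    _want=$(printf '%s' "$_want" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    # A truncated paste or a saved HTML error page must not pass as a digest.
    case $_want in
        *[!0-9a-f]*) echo "expected value is not a hex digest" >&2; return 2 ;;
    esac
    [ "${#_want}" -eq 64 ] || { echo "expected value is not 64 hex characters" >&2; return 2; }
    _got=$(sha256_of "$_file")
    [ "${#_got}" -eq 64 ] || { echo "no SHA-256 tool produced a digest" >&2; return 2; }
    if [ "$_got" = "$_want" ]; then
        echo "OK: $_file matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: got $_got, expected $_want; do not import this file" >&2
    return 1
}

# Usage: sh verify_ova.sh <download>.ova <checksum value or checksum file>
if [ "$#" -eq 2 ]; then verify_ova "$1" "$2"; fi
```

A return code of 1 means the file on disk differs from the published value and should be downloaded again before it is imported.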
Tip #6: Calculate Usage requirements
To future-proof your environment, size the CPU, RAM and disk storage specifications for future usage, not just current or minimum specifications. These values may be set up during the import process or shortly after in most virtualized environments. For Community Edition, system specifications need to be set before running the setup.
Minimum storage size requirements are enforced by default. The number of CPU cores will vary based on intended use, but CPU resources are 2 cores by default. 6 CPU cores are the suggested minimum; however, use cases requiring Ariel queries or app development may require more resources for optimal performance.
RAM requirements are 6GB for minimum specifications; however, 8GB or higher is suggested for optimal performance. For those using Community Edition for app development, 10GB of RAM is recommended.
Tip #7: Network access to your VM
Configuring a network adapter with internet access is imperative to a successful installation. How best to proceed depends on whether you plan to use Community Edition on a single network or multiple networks.
Single Network Configuration
If the purpose is to monitor a single network, bridged networking is preferable.
Multiple Network Configuration
If the answer is multiple networks, NAT networking is preferable for moving between networks.
Tip #8: Make sure that the Private and Public IP are static.
Instructions for setting up static IPs for both the private and public IP can be found in the documentation for your preferred virtualization product. Another resource is the practical experience of other users in the QRadar Community Edition forums. Note that you cannot change the IP of Community Edition once the installation process starts.
Tip #9: Setting up Network Configuration using the command line
If your virtualization platform does not support network configuration in the UI, you can log in as root after the VM is imported to configure network settings.
Tip #10: Checking settings using the command line
Verify that your network settings are configured correctly using the following commands in the command line after installation.
Bonus: Choose strong passwords for Root Access
When you first power on the created VM, you are asked to log in as the root user. Immediately afterwards you are asked to set a root password. Remember to choose a strong password that is longer than 5 characters and includes a mix of alphanumeric and special characters.
Similarly, choose another password for the admin user (default administrator role) with similar criteria. Remember, longer passwords with complex characters provide better protection of your QRadar Community Edition instance.