IBM Security QRadar

  • 1.  What is cheapest option for QRadar lab?

    Posted Wed September 11, 2019 01:32 PM

    Hello

    I'm interested in exploring what are the cheapest options for setting up a QRadar lab (CE maybe) for training and experimentation purposes. I currently don't have a high-power virtualization station at home. I tried some AWS instances, but they seem a bit expensive, but perhaps I chose the wrong types.

    I wonder why IBM doesn't offer some pre-installed instances (that would reset settings every time you login/out) for exam practice purposes, instead of those horrible simulations in their learning platform.

    Regards



  • 2.  RE: What is cheapest option for QRadar lab?

    Posted Wed September 11, 2019 06:40 PM
    CE is definitely the cheapest with lowest overhead, and is fine for
    most concepts of training, experimentation and even app and DSM
    development.




  • 3.  RE: What is cheapest option for QRadar lab?

    Posted Thu September 12, 2019 09:41 AM
    Would definitely agree with @hostcontext restart.

    You'll want to download and install VirtualBox (or the like) onto your laptop, then either follow the documentation or check out a video walkthrough by IBMer Jose Bravo.

    Docs: https://developer.ibm.com/qradar/ce 

    YouTube:
    1) Install CentOS 7.5 (build 1804): https://www.youtube.com/watch?v=V7l0jWanKiw
    2) Install QRadar CE: https://www.youtube.com/watch?v=2ButNPY4nLQ


    ------------------------------
    Jon Bucko
    ------------------------------



  • 4.  RE: What is cheapest option for QRadar lab?

    Posted Mon September 16, 2019 06:01 AM
    Hi @Ilie Andrei Culda, I completely agree with @hostcontext restart and @Jon. However, there are quite a few methods which will help you in installing QRadar CE v7.3.x but will require more than one device.
    1. Set up a desktop PC and a laptop. Connect both of them via a switch or a router in your home network. On the PC, the maximum configuration required is CentOS 7 minimal; install QRadar CE v7.3.x on it. The recommended RAM is 8GB and no graphics card is required. The hard disk must be at least 100-500GB. After installation, you can access the QRadar dashboard from your laptop (of any decent configuration), connected via the router or switch in your home network, using the IP of the CentOS 7 minimal system installed on the desktop PC.
    2. Vice versa of the first point. The laptop has the minimal recommended configuration and is installed with QRadar CE v7.3.x, while the desktop PC is of any decent configuration and is where the QRadar dashboard can be accessed.
    3. Here, two laptops or two desktop PCs also provide good operational functionality.
    This is the cheapest way to set up QRadar if one does not have a good laptop/desktop PC configuration in one device itself. QRadar requires a lot of memory to store the events and logs as well as for the DSM parser processes.

    ------------------------------
    Er. Tapan Jatakia
    Student & Cyber Security Practitioner
    DIT University
    Dehradun, Uttarakhand,
    INDIA - 248001.
    +91 9664332984
    tapan_ditu_17.20@outlook.com
    ------------------------------



  • 5.  RE: What is cheapest option for QRadar lab?

    Posted Mon September 30, 2019 10:29 AM
    As previously mentioned, CE is the best option for what you're looking to do in a home lab setup. I know there is work to make CE a bit more consumable, including potentially an OVA which will give it much more of a 'download and go' experience.

    ------------------------------
    Jeremy Goldstein
    Product Marketing Manager
    IBM QRadar
    ------------------------------