IBM Security QRadar

  • 1.  DO I NEED DOMAIN ADMIN?

    Posted 14 days ago
    Hello,

    I want to ask you something. Is it necessary to have a domain admin user for IBM QRadar? So, is there such a need?

    Thank you,
    Kind Regards.



    ------------------------------
    Fatih R
    ------------------------------


  • 2.  RE: DO I NEED DOMAIN ADMIN?

    Posted 13 days ago
    I think you should define the question a bit better... QRadar by default uses local authentication (locally defined users and roles). If you are referring to using Active Directory as LDAP for authentication, when you are using authenticated bind you need a user that can read the LDAP directory. Instructions on how to configure LDAP authentication can be found in IBM's documentation. You can e.g. opt to use group-based authentication and allow/deny the groups of users per defined roles and security profiles (I recall there were some examples for that on YouTube etc.).

    ------------------------------
    Dusan VIDOVIC
    ------------------------------



  • 3.  RE: DO I NEED DOMAIN ADMIN?

    Posted 12 days ago
    You do not need Domain Admin rights and should never monitor anything
    within an enterprise using such a level of access. Windows permission
    architecture should have specific service accounts with appropriate
    permissions where auth is necessary, such as LDAP read (which any
    auth'ed user in a Windows domain can actually do) or any sort of
    active retrieval requiring authentication.

    DA is not needed to interact with QRadar using LDAP auth for QRadar
    either; access should be handled by an AD group.
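
An added example, not part of the thread or of IBM's documentation: a check that a bind or service account used for LDAP authentication has not picked up administrative rights through nested groups. The account names, group names and directory contents are constructed; in practice the `memberOf` values would come from an LDAP search against the domain.

```python
from collections import deque

# Built-in Active Directory groups that grant broad administrative rights.
PRIVILEGED = {"Domain Admins", "Enterprise Admins", "Schema Admins",
              "Administrators", "Account Operators", "Backup Operators"}

# Constructed sample data: DN -> memberOf values as an LDAP search would return them.
BASE = "DC=example,DC=test"
DIRECTORY = {
    f"CN=svc-qradar-bind,OU=Service,{BASE}": [f"CN=QRadar-LDAP-Read,OU=Groups,{BASE}"],
    f"CN=svc-legacy-siem,OU=Service,{BASE}": [f"CN=Monitoring-Tools,OU=Groups,{BASE}"],
    f"CN=QRadar-LDAP-Read,OU=Groups,{BASE}": [],
    f"CN=Monitoring-Tools,OU=Groups,{BASE}": [f"CN=Tier0-Ops,OU=Groups,{BASE}"],
    # Nested grant plus a membership loop back to Monitoring-Tools.
    f"CN=Tier0-Ops,OU=Groups,{BASE}": [f"CN=Domain Admins,CN=Users,{BASE}",
                                       f"CN=Monitoring-Tools,OU=Groups,{BASE}"],
    f"CN=Domain Admins,CN=Users,{BASE}": [f"CN=Administrators,CN=Builtin,{BASE}"],
}


def cn_of(dn):
    """Return the CN value of a DN (assumes no escaped commas in the first RDN)."""
    return dn.split(",", 1)[0].partition("=")[2]


def privileged_paths(account_dn, directory):
    """Walk memberOf transitively and return the chain of names leading to
    each privileged group. memberOf omits the primary group, so that must
    be checked separately."""
    paths, seen = [], {account_dn}
    queue = deque([(account_dn, [cn_of(account_dn)])])
    while queue:
        dn, path = queue.popleft()
        for group_dn in directory.get(dn, []):
            if group_dn in seen:  # already visited: avoids membership loops
                continue
            seen.add(group_dn)
            chain = path + [cn_of(group_dn)]
            if cn_of(group_dn) in PRIVILEGED:
                paths.append(chain)
            queue.append((group_dn, chain))
    return paths


if __name__ == "__main__":
    for account in list(DIRECTORY)[:2]:
        hits = privileged_paths(account, DIRECTORY)
        print(cn_of(account), "->", [" > ".join(p) for p in hits] or "no privileged membership")
```
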