IBM QRadar

Difference between Event Collector and Event Collector

  • 1.  Difference between Event Collector and Event Collector

    Posted Wed July 07, 2021 01:59 AM
    I have a requirement where I need to deploy the event collection solution, but when I searched, I found two options: 1) DLC and 2) EC.
    Which one should I use, and what differences do these two have?

    I am looking for a solution which can be deployed on a virtual server like VMware.

    ------------------------------
    Akash Bhardwaj
    ------------------------------


  • 2.  RE: Difference between Event Collector and Event Collector

    Posted Thu July 08, 2021 02:29 AM

    Hello Akash,
    You can deploy both components (DLC or EC) in a virtual infrastructure based on VMware.

    The main difference is that the EC is a QRadar appliance, it is a managed host of the Console and you need a license for it, while the DLC is a software component that is installed in a Linux VM and must be managed manually and locally. Other differences are related to the supported log sources (https://www.ibm.com/docs/en/qradar-common?topic=collector-overview-disconnected-log). Last but not least, the DLC can be used as a "data diode" (ref. https://www.ibm.com/docs/en/qradar-common?topic=collector-business-scenarios-using-disconnected-log) in some high-security environments.

    Hope this helps.

    Best regards,

    Mario



    ------------------------------
    Mario Sebastiani
    ------------------------------