Use the instructions below to setup your QRadar SIEM Appliance using VMWare Technology. If you use Hyper-V in your environment, use the Hyper-V Instructions found HERE
To Setup your QRadar SIEM Appliance, you need to ensure that the required resources are available on the Hypervisor. Typically, you will require the minimum resources as per the table below.
If your QRadar SIEM Appliance is a Processor, then please allocate the resources as per table below.
NOTE: If your QRadar VM will be connected to plentiful storage (SAN), then it is easy to add a 2nd disk should more storage be required. But if dedicated hard disks are being used, consider provisioning extra storage from the outset as adding more after deployment can be troublesome.
If your QRadar SIEM Appliance is a Collector only, then please allocate the resources as per table below.
As per the VPN Documentation, your Appliance will reside in the SOC Network within your environment. This New VLAN should be created ready to host the SIEM Appliance and the Jumpbox.
Reference the IP Networking Details of the VPN Documentation or contact your Secure-ISS Project Manager if unsure.
Once resource requirements are confirmed, you can download the ISO file required for the SIEM Appliance setup.
You can find the file HERE You will only need 1 file:
Download the file to a network location allowing the new virtual machine to boot from the ISO file.
NOTE: You will need to Log In to Sharefile with your credentials to complete the ISO download.
Create the New VM usig the Resources as per the Resources Section above.
For your Guest OS, you can be RHEL 7 from the dropdown.
You can start things off by booting the new VM using the ISO file you downloaded. The Installation will kick off and go as far as it can without further intervention. Once you see a login prompt, it is ready for a SISS Engineer.
The Engineer will need access to a workstation in your network to complete the setup.
You can prepare for this ahead of time by ensuring that a Workstation is available that has access to the Hypervisor Infrastructure that is being used.
This workstation can be any machine, but it must meet the requirements below.
Once the Remote Workstation is ready, contact your SOC Onboarding Project Manager to schedule the SIEM Appliance Installation and Configuration.