The Jumpbox is an important part of the total solution. While it is useful during the initial SIEM setup, its primary function is to provide a beachhead from which Secure-ISS SOC Engineers can investigate and respond to urgent and critical incidents in your environment. These incidents are referred to as P1 Incidents.
The Jumpbox can be any Windows machine. It is typically a virtual machine, often hosted on the same hypervisor as the QRadar Appliance. The machine itself doesn't need to be resource-hungry and can be configured with the basic specs that Microsoft suggests for whatever operating system you have selected.
The main requirements for the Jumpbox are listed below:
The Jumpbox can be domain-joined or it can be isolated in a workgroup. More important is that Secure-ISS has been provided with a Domain User that can be used with RDP to access the other Critical Assets in the deployment.
NOTE: All sensitive details and credentials should be sent using our Secure Pass at https://pass.secure-iss.com/
Place the Jumpbox credentials into this system and send the URL via email.