Last updated on February 28th, 2019 at 08:02 pm
In this tutorial, we are going to learn how to install IBM QRadar Community Edition SIEM on VirtualBox.
IBM QRadar CE is a free, fully featured version of QRadar with low memory requirements and a low EPS (events per second) limit, intended for individual use such as testing and familiarizing yourself with the functionality of IBM QRadar SIEM. To install QRadar CE on VirtualBox, ensure that the following prerequisites are met.
- Download the QRadar CE ISO from here. Note that you need to create an IBM account before you can download the ISO.
- Install CentOS 7.3 minimal on VirtualBox with the following requirements:
  - At least 4GB of RAM
  - Minimum of 80GB disk space
  - Minimum of 2 CPU cores
  - At least one network interface
A newer version of QRadar CE, v7.3.1, has been released. You can check how to install it in our other guide by following the link below:
How to Install the latest IBM QRadar CE v7.3.1 on VirtualBox
Install IBM QRadar Community Edition SIEM on VirtualBox
Once you have CentOS 7.3 minimal installed:
- Copy the downloaded ISO to the CentOS server.
- Log in to your server, then update and upgrade it.
yum update -y && yum -y upgrade
- Disable SELinux permanently and reboot the system
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config && systemctl reboot
- Disable IPv6 permanently.
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
- Create the /media/cdrom directory for mounting the QRadar CE ISO.
- Mount the QRadarCE7_3_0.GA.iso file.
mount -o loop /path/to/QRadarCE7_3_0.GA.iso /media/cdrom
- Launch QRadar CE installation.
- Once the installation process starts, accept the EULA and proceed with installation.
The installation will take some time to complete, so please be patient.
In the course of installation, the installation wizard will prompt you for some installation options. Choose the appropriate options based on your installation.
If everything goes as expected, you should see “Initial Configuration of Qradar Community Edition console is now complete…”, which means the installation was successful.
You can now access QRadar Community Edition in a web browser at https://ip-address.
Log in as admin with the password you supplied during the installation. After login, you are prompted to reset your password. Reset your password and proceed to the QRadar Dashboard.
Now that your QRadar is ready, you can configure your devices to send logs and traffic to QRadar for analysis.
That is all it takes to install IBM QRadar Community Edition SIEM on VirtualBox. If the QRadar installation fails because of a Gluster 3.8 repository failure, “One of the configured repositories failed (CentOS-7 – Gluster 3.8) and yum doesn’t have enough cached data to continue”, check how to fix it here.
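A preflight check for the prerequisites and preparation steps above, meant to be run before launching the installer. This is an added example, not part of the original tutorial or of IBM's installer. The function names, the `BOOT_DISK` variable, the `--live` flag and the 3600 MiB RAM margin are assumptions; the 78125 MiB disk floor is the figure the 7.3.1 installer prints in the comment below.

```shell
#!/bin/sh
# Preflight for the tutorial's QRadar CE VM (added example, not IBM's code).
# Thresholds follow the page: 4 GB RAM, 2 CPU cores, 80 GB disk.
MIN_RAM_MIB=3600    # assumed margin: MemTotal on a 4 GB VM reads a bit under 4096
MIN_DISK_MIB=78125  # boot-disk floor printed by the installer in the comment thread
MIN_CPUS=2

# at_least LABEL ACTUAL REQUIRED UNIT: print a verdict, return 1 when too small
at_least() {
    if [ "$2" -ge "$3" ]; then
        echo "OK: $1 is $2 $4"
    else
        echo "ERROR: $1 is only $2 $4 but must be at least $3 $4"
        return 1
    fi
}

# evaluate RAM_MIB DISK_MIB CPUS SELINUX_MODE IPV6_DISABLED
# Works only on its arguments; the return status is the number of failed checks.
evaluate() {
    _fails=0
    at_least "RAM" "$1" "$MIN_RAM_MIB" MiB || _fails=$((_fails + 1))
    at_least "boot disk" "$2" "$MIN_DISK_MIB" MiB || _fails=$((_fails + 1))
    at_least "CPU count" "$3" "$MIN_CPUS" cores || _fails=$((_fails + 1))
    if [ "$4" = Disabled ]; then echo "OK: SELinux is disabled"
    else echo "ERROR: SELinux is $4 (config edited but not rebooted?)"; _fails=$((_fails + 1)); fi
    if [ "$5" = 1 ]; then echo "OK: IPv6 is disabled"
    else echo "ERROR: IPv6 still active (sysctl.conf line not loaded yet?)"; _fails=$((_fails + 1)); fi
    return "$_fails"
}

# probe: read the same five values from the running host
probe() {
    _ram=$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)
    _disk=$(lsblk -bdno SIZE "${BOOT_DISK:-/dev/sda}" 2>/dev/null | awk '{print int($1 / 1048576)}')
    _se=$(getenforce 2>/dev/null || echo Unknown)
    # A missing sysctl entry is reported as "not disabled" (0)
    _v6=$(cat /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null || echo 0)
    echo "$_ram ${_disk:-0} $(nproc) $_se $_v6"
}

if [ "${1:-}" = "--live" ]; then
    evaluate $(probe)   # unquoted on purpose: probe prints five fields
else
    # Constructed sample: a compliant VM except for the 20480 MiB disk from the comment
    evaluate 3790 20480 2 Disabled 1 || echo "=> $? check(s) failed"
fi
```

Run it with `--live` on the CentOS guest; a non-zero exit status is the number of checks that failed.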
I am getting the below error when I try to install the QRadar CE 7.3.1. Please help me with this:
Starting setup session in screen
cat: .: ls a directory
cat: .: ls a directory
EULA accepted on Mon Jan 27 01:41:25 IST 2020
About to install QRadar Community Edition version 7.3.1 20180723171558
Install started on Mon Jan 27 01:41:27 IST 2020 but was not completed.
Attempting to continue…
Checking that SELinux is disabled…
OK:SELinux is disabled.
Checking that system language is set yo en_US.UTF-8…
OK: System language is set to en_US.UTF-8
Checking for minimum disk size…
ERROR: Boot disk sda is only 20480 MiB but must be at least 78125 MiB
ERROR: This version does not support small drives. You must replace the drive before trying again
Please enter to close screen
Please sort the disk space and you are good to run QRadar CE.