How to Install IBM QRadar Community Edition SIEM on VirtualBox

In this tutorial, we are going to learn how to install IBM QRadar Community Edition SIEM on VirtualBox.

IBM QRadar CE is a free, fully featured version of QRadar with low memory requirements and a low EPS limit, intended for individual use such as testing and familiarizing yourself with the functionality of IBM QRadar SIEM. To install QRadar CE on VirtualBox, ensure that the following prerequisites are met.

Prerequisites

  • Download the QRadar CE ISO from here. Note that you need to create an IBM account before you can download the ISO.
  • Install CentOS 7.3 minimal on VirtualBox with the following requirements:
    • At least 4GB of RAM
    • Minimum of 80GB disk space
    • Minimum of 2 CPU cores
    • At least one network interface

A newer version of QRadar CE, v7.3.1, has been released. You can check how to install it in our other guide by following the link below:

How to Install the latest IBM QRadar CE v7.3.1 on VirtualBox

Install IBM QRadar Community Edition SIEM on VirtualBox

Once you have CentOS 7.3 minimal installed:

  • Copy the downloaded ISO to the CentOS server
  • Log in to your server, then update and upgrade it
    yum update -y && yum -y upgrade
    
  • Disable SELinux permanently and reboot the system
    sed -i 's/=enforcing/=disabled/g' /etc/selinux/config && systemctl reboot
    
  • Disable IPv6 permanently.
    echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
    
  • Create the /media/cdrom directory for mounting the QRadar CE ISO
    mkdir /media/cdrom
    
  • Mount the QRadarCE7_3_0.GA.iso file.
    mount -o loop /path/to/QRadarCE7_3_0.GA.iso /media/cdrom
    
  • Launch QRadar CE installation.
    /media/cdrom/setup
    
  • Once the installation process starts, accept the EULA and proceed with installation.
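
A pre-flight check for the steps above, added here as an example (it is not part of the original guide or of IBM's installer), meant to be run before launching /media/cdrom/setup. The function names are made up for this sketch, the 78125 MiB disk minimum is the figure the installer prints in the reader comment further down, and the 3700 MiB memory floor and the default disk name `sda` are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the prerequisites this guide lists.
# 2 CPU cores and 4 GB RAM come from the prerequisites; 78125 MiB is the
# boot-disk minimum printed by the installer in the reader comment.
MIN_CPUS=2
MIN_MEM_MIB=3700    # assumption: a 4 GB VM minus memory the kernel reserves
MIN_DISK_MIB=78125

# Print the SELINUX= value from an SELinux config file (comment lines ignored).
selinux_state() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed if the sysctl file carries the IPv6 line this guide appends.
ipv6_disabled() {
    grep -Eq '^[[:space:]]*net\.ipv6\.conf\.all\.disable_ipv6[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# check_min LABEL ACTUAL MINIMUM: numeric comparison with a one-line report.
check_min() {
    if [ "$2" -ge "$3" ]; then echo "OK:    $1 = $2 (minimum $3)"; return 0; fi
    echo "ERROR: $1 = $2 (minimum $3)"; return 1
}

# preflight CPUS MEM_MIB DISK_MIB SELINUX_CONFIG SYSCTL_CONF
# Returns the number of failed checks (0 means ready to run setup).
preflight() {
    fails=0
    check_min "CPU cores" "$1" "$MIN_CPUS" || fails=$((fails + 1))
    check_min "RAM (MiB)" "$2" "$MIN_MEM_MIB" || fails=$((fails + 1))
    check_min "boot disk (MiB)" "$3" "$MIN_DISK_MIB" || fails=$((fails + 1))
    state=$(selinux_state "$4")
    if [ "$state" = "disabled" ]; then echo "OK:    SELinux config is disabled"
    else echo "ERROR: SELinux config is '$state', not disabled"; fails=$((fails + 1)); fi
    if ipv6_disabled "$5"; then echo "OK:    IPv6 disable line present"
    else echo "ERROR: IPv6 disable line missing from $5"; fails=$((fails + 1)); fi
    return "$fails"
}

# Check the live host only when asked: sh preflight.sh --live [disk]
if [ "${1:-}" = "--live" ]; then
    disk=${2:-sda}
    preflight "$(nproc)" \
        "$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)" \
        "$(( $(lsblk -bdno SIZE "/dev/$disk") / 1048576 ))" \
        /etc/selinux/config /etc/sysctl.conf
fi
```

Because the sed command in this guide only rewrites `enforcing`, a host whose config says `SELINUX=permissive` is left unchanged by it and is reported here as not disabled.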

Installation takes some time to complete, so please be patient.

During installation, the wizard prompts you for several installation options. Choose the options appropriate for your installation.

If everything goes as expected, you should see “Initial Configuration of Qradar Community Edition console is now complete…” which simply means installation was successful.

You can now access QRadar Community Edition in a web browser at https://ip-address.

Log in as admin with the password you supplied during the installation. After login, you are prompted to reset your password. Reset your password and proceed to the QRadar Dashboard.

Now that your QRadar is ready, you can configure your devices to send logs and traffic to QRadar for analysis.

That is all it takes to install IBM QRadar Community Edition SIEM on VirtualBox. If the QRadar installation fails because of a Gluster 3.8 repository failure (“One of the configured repositories failed (CentOS-7 – Gluster 3.8) and yum doesn’t have enough cached data to continue”), check how to fix it here.

2 COMMENTS

  1. Hello,
    I am getting the below error when I try to install the QRadar CE 7.3.1. Please help me with this:

    Initializing…
    Starting setup session in screen
    cat: .: ls a directory
    cat: .: ls a directory
    EULA accepted on Mon Jan 27 01:41:25 IST 2020
    About to install QRadar Community Edition version 7.3.1 20180723171558
    Install started on Mon Jan 27 01:41:27 IST 2020 but was not completed.
    Attempting to continue…
    done.
    Checking that SELinux is disabled…
    OK:SELinux is disabled.
    Checking that system language is set yo en_US.UTF-8…
    OK: System language is set to en_US.UTF-8
    Checking for minimum disk size…
    ERROR: Boot disk sda is only 20480 MiB but must be at least 78125 MiB
    ERROR: This version does not support small drives. You must replace the drive before trying again
    Please enter to close screen
    ==================================================
