How to Install IBM QRadar Community Edition SIEM on VirtualBox

|
Last Updated:
|
|

In this tutorial, we are going to learn how to install IBM QRadar Community Edition SIEM on VirtualBox. We will be installing Qradar CE version 7.3.3, which is the current stable release as of this writing. IBM QRadar CE is a fully-featured and free version of QRadar that is low memory, low EPS intended for individual use like testing and familiarizing oneself with functionalities of IBM QRadar SIEM.

Install IBM QRadar Community Edition SIEM on VirtualBox

Prerequisites

To install QRadar CE on VirtualBox, ensure that the following prerequisites are met.

  • Memory minimum requirements: 8 GB RAM or 10 GB w/applications
  • Disk space minimum: 250 GB
  • CPU: 2 cores (minimum) or 6 cores (recommended)
  • One network adapter with access to the Internet is required
  • A static public and private IP addresses is required for QRadar Community Edition (I am running a local instance, hence got no public IP)
  • The assigned hostname must be a fully qualified domain name (e.g qradar.kifarunix-demo.com)

Install IBM QRadar Community Edition SIEM on VirtualBox

Download Qradar CE OVA File

Navigate to IBM Qradar CE page, login and grub the OVA file. Qradar 7.3.3 is the current stable CE release.

ls -alh QRadarCE733GA_v1_0.ova
-rwxrwxrwx 1 kifarunix kifarunix 4.1G Jan 28  2020 QRadarCE733GA_v1_0.ova

Create Qradar Virtual Machine on VirtualBox

Since you already have an OVA file for Qradar CE 7.3.3, just launch VirtualBox manager and press Ctrl+i to import the virtual machine into VirtualBox.

This will launch the import virtual appliance wizard.

Select the source OVA file you just downloaded;

Install IBM QRadar Community Edition SIEM on VirtualBox

Update Qradar VM Settings

Click the setting drop down and update the Qradar VM settings.

  • Update the name of the VM;
  • Update the RAM size appropriately.
  • Set the base image folder
Install IBM QRadar Community Edition SIEM on VirtualBox
  • Click finish to import the Qradar VM with updated settings

Start Qradar CE VM on VirtualBox

Once you have updated the settings, you can proceed to start the Qradar VM;

Install IBM QRadar Community Edition SIEM on VirtualBox

Change Qradar CE Root Password

Once the Qradar VM boots fully, enter login as root user and set the new root password.

Install IBM QRadar Community Edition SIEM on VirtualBox

Install and Setup IBM QRadar CE SIEM on VirtualBox

Now it is time to finalize the installation and setup of IBM Qradar CE.

First, confirm that SELinux is disabled;

sestatus

Output should be disabled. Otherwise, run the command below to disable it;

sed -i 's/=enforcing/=disabled/g' /etc/selinux/config && systemctl reboot  

Once the VM boots, run the Qradar setup script.

./setup

Once the installation process starts, accept the EULA by pressing enter.

You will then be prompted on whether to proceed with installation. Confirm the same to install Qradar CE 7.3.3 on VirtualBox

Installation will take some time to complete. So please be patient until you see such information;

Install IBM QRadar Community Edition SIEM on VirtualBox

At this point, just a little bit of house cleaning and you are done.

Install IBM QRadar Community Edition SIEM on VirtualBox

Press ENTER to complete the setup of Qradar on VirtualBox.

Set the Qradar web Interface admin password.

Note that you can also reset the Qradar Admin UI password from command line using the following script;

/opt/qradar/support/changePasswd.sh -a

Accessing Qradar User Interface

Login to Qradar Web User Interface

You can now access QRadar Community Edition in a web browser at https://qradar-vm-ip-address.

Login as admin with the password you just set.

Install IBM QRadar Community Edition SIEM on VirtualBox

Qradar Dashboard

After that, you are prompted to reset your password. Reset your password, accept EULA and proceed to QRadar Dashboard.

Install IBM QRadar Community Edition SIEM on VirtualBox

Now that your QRadar is ready, you can configure your devices to sent logs and traffic to QRadar for analysis.

That is all it take to Install IBM QRadar Community Edition SIEM on VirtualBox.

Other Tutorials

Install and Configure AlienVault OSSIM on VirtualBox

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

2 thoughts on “How to Install IBM QRadar Community Edition SIEM on VirtualBox”

  1. Hello,
    I am getting the below error when i try to install the Qrdar CE 7.3.1. Please help me with this:

    Initializing…
    Starting setup session in screen
    cat: .: ls a directory
    cat: .: ls a directory
    EULA accepted on Mon Jan 27 01:41:25 IST 2020
    About to install QRadar Community Edition version 7.3.1 20180723171558
    Install started on Mon Jan 27 01:41:27 IST 2020 but was not completed.
    Attempting to continue…
    done.
    Checking that SELinux is disabled…
    OK:SELinux is disabled.
    Checking that system language is set yo en_US.UTF-8…
    OK: System language is set to en_US.UTF-8
    Checking for minimum disk size…
    ERROR: Boot disk sda is only 20480 MiB but must be at least 78125 MiB
    ERROR: This version does not support small drives. You must replace the drive before trying again
    Please enter to close screen
    ==================================================

    Reply

Leave a Comment