
Install IBM QRadar Community Edition 7.3.3 in ten minutes

After a long wait, the free version of IBM QRadar SIEM is finally available. This edition, called “Community”, contains all the features of QRadar SIEM and requires little memory (it works with just 8 or 10 GB) compared to the at least 24 GB required for a minimal commercial environment. It also includes a license that does not expire and allows you to install all kinds of plugins and applications. It is intended for private use: learning, demos, testing and, fundamentally, development of applications compatible with QRadar. That’s why its capabilities are limited to managing up to 50 events (logs) per second and 5,000 network packets per minute, which isn’t bad :)

Keep in mind that one of its main drawbacks is that it does not include support for all the devices and environments of the commercial version. If we want to monitor a database or a firewall, we will need to install each of the modules manually.

What are the hardware requirements?

  • Memory: 8 GB RAM, or 10 GB if apps are installed, i.e. a modern laptop can run it.
  • Disk: 250 GB, although in our experience about 30 GB is enough for ephemeral environments. Disk space is consumed as the SIEM is kept in use; if virtual machines are created and destroyed for short tests, that much space is not needed.
  • CPU: 2 cores, but 4 or 6 would be even better.
  • Network: Internet access, a private network, and an FQDN hostname.

How do I install it?

For this version, IBM provides a downloadable image in OVA format from this link. We no longer have to launch the installer on a CentOS system that we created ourselves, with the usual small bugs to correct, which is appreciated. You just have to create an IBM account, something that can be done on the spot and for free. The OVA image can be deployed to VMware, KVM, or VirtualBox.

The installation process is quick and simple as shown in the following video:

 

After that, you can start exploring and working by following the hints available in the “Getting started guide”.

Once the environment is up and running, you can install applications.

You can even monitor the network of our house: phones, laptops, home automation systems, etc.

Want to know more about IBM QRadar SIEM?

We offer professional services (consultation, deployment and support), official courses and certification bootcamps. Contact us without obligation.

 
