Beruflich Dokumente
Kultur Dokumente
Version 7.2.4
Hardware Guide
Note
Before using this information and the product that it supports, read the information in Notices on page 29.
Product information
This document applies to IBM QRadar Security Intelligence Platform V7.2.4 and subsequent releases unless
superseded by an updated version of this document.
Copyright IBM Corporation 2014, 2014.
US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Privacy policy considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
A. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
B. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
C. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
D. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
E. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
F. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Thank you for ordering your appliance from IBM! It is strongly recommended that
you apply the latest maintenance to you appliance for the best results. Please visit
IBM Fix Central (http://www.ibm.com/support/fixcentral) to determine the latest
recommended patch for your product.
Intended audience
The IBM Security QRadar Hardware Installation Guide is intended for operations, data
center, or system administration personnel.
Technical documentation
To find IBM Security QRadar product documentation on the web, including all
translated documentation, access the IBM Knowledge Center (http://
www.ibm.com/support/knowledgecenter/SS42VS/welcome).
For information about how to access more technical documentation in the QRadar
products library, see Accessing IBM Security Documentation Technical Note
(www.ibm.com/support/docview.wss?rs=0&uid=swg21614644).
For information about contacting customer support, see the Support and
Download Technical Note (http://www.ibm.com/support/
docview.wss?uid=swg21616144).
Please Note:
This section includes safety guidelines to help ensure your own personal safety
and protect your system and working environment from potential damage.
Do not move racks by yourself. Due to the height and weight of the rack, a
minimum of two people should accomplish this task.
v Always load the rack from the bottom up and load the heaviest item in the rack
first.
v Make sure that the rack is level and stable before extending a component from
the rack.
v Use caution when pressing the component rail release latches and sliding a
component into or out of a rack; the rails can pinch your fingers.
v Do not overload the AC supply branch circuit that provides power to the rack.
The total rack load should not exceed 80 percent of the branch circuit rating.
v Ensure that proper airflow is provided to components in the rack.
v Do not step on or stand on any component when servicing other components in
a rack.
QRadar QFlow collector component now provides 10 Gbps QFlow collection and
processing without any lost data.
View hardware information and requirements for the IBM Security QRadar QFlow
Collector 1201 in the following table:
Table 1. QRadar QFlow Collector 1201
Description Value
Network traffic 1 Gbps
Interfaces Five 10/100/1000 Base-T network monitoring interfaces
For diagrams and information about the front and back panel of this appliance, see
QRadar 2100, QRadar Event Collector 1501, and all QRadar Flow Processor
Appliances on page 23.
View hardware information and requirements for the IBM Security QRadar QFlow
Collector 1202 in the following table:
Table 2. QRadar QFlow Collector 1202
Description Value
Network traffic 3 Gbps
For diagrams and information about the front and back panel of this appliance, see
QRadar 2100, QRadar Event Collector 1501, and all QRadar Flow Processor
Appliances on page 23.
View hardware information and requirements for the IBM Security QRadar QFlow
Collector 1301 in the following table:
Table 3. QRadar QFlow Collector 1301
Description Value
Network traffic 3 Gbps
Interfaces Napatech Network Adapter, providing four 1 Gbps 1000 Base SX
Multi-Mode Fiber network monitoring interfaces
View hardware information and requirements for the IBM Security QRadar QFlow
Collector 1310 in the following table:
Table 4. QRadar QFlow Collector 1310 (4380-Q5C)
Description Value
Network traffic 10 Gbps
Note: The 10 Gbps rate is available only on (X3550) M4 appliances
and later. Network traffic is 3 Gbps on previous hardware.
Interfaces Napatech Network Adapter for fiber, providing two 10 Gbps SFP +
network monitoring interfaces
For diagrams and information about the front and back panel of this appliance, see
QRadar 2100, QRadar Event Collector 1501, and all QRadar Flow Processor
Appliances on page 23.
View hardware information and requirements for the QRadar Data Node in the
following tables:
Table 5. QRadar Data Node when used with XX05 appliances
Description Value
Interfaces Two 10/100/1000 Base-T network monitoring interfaces
View hardware information and requirements for the QRadar 1501 in the following
table:
Table 7. QRadar 1501
Description Value
Events per second 15,000 EPS
Network traffic 1 Gbps
For diagrams and information about the front and back panel of this appliance, see
QRadar 2100, QRadar Event Collector 1501, and all QRadar Flow Processor
Appliances on page 23.
The QRadar Event Processor 1605 is a distributed event processor appliance and
requires a connection to a IBM Security QRadar 3105 or QRadar 3128 console
appliance.
View hardware information and requirements for the QRadar Event Processor 1605
in the following table:
Table 8. QRadar Event Processor 1605
Description Value
Basic license 2,500 EPS
Upgraded license 20,000 EPS
Interfaces Two 10/100/1000 Base-T network monitoring interfaces
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
The QRadar Event Processor 1628 is a distributed event processor appliance and
requires a connection to a IBM Security QRadar 3128 Console appliance.
View hardware information and requirements for the QRadar 1628 in the following
table:
Table 9. QRadar 1628 Event Processor overview
Description Value
Basic license 2,500 EPS
Upgraded license 40,000 EPS
Interfaces One 2-port Emulex 8Gb FC
For diagrams and information on the front and back panel of this appliance, see
QRadar Appliances on page 26.
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
View hardware information and requirements for the QRadar 1728 Flow processor
in the following table:
Table 11. QRadar 1728 Flow Processor overview
Description Value
Basic license 100,000 FPM
Upgraded license 1,200,000 FPM
Interfaces One 2-port Emulex 8Gb FC
For diagrams and information on the front and back panel of this appliance, see
QRadar Appliances on page 26.
QRadar 1805
The IBM Security QRadar 1805 appliance is a combined Event Processor and Flow
Processor that can scale your QRadar deployment to manage more events and
flows. The QRadar 1805 includes an on-board Event Processor, an on-board Flow
Processor, and internal storage for events and flows.
View hardware information and requirements for the IBM Security QRadar 1805 in
the following table:
Table 12. IBM Security QRadar 1805 overview
Description Value
Basic license 25,000 FPM
1,000 EPS
Upgraded license 200,000 FPM
5,000 EPS
Interfaces Two 10/100/1000 Base-T network monitoring interfaces
For diagrams and information on the front and back panel of this appliance, see
QRadar Appliances on page 26.
View hardware information and requirements for the QRadar 1828 Flow processor
in the following table:
1000 EPS
Upgraded license 300,000 FPM
15,000 EPS
Interfaces One 2-port Emulex 8Gb FC
For diagrams and information on the front and back panel of this appliance, see
QRadar Appliances on page 26.
QRadar 2100
The IBM Security QRadar 2100 appliance is an all-in-one system that combines
Network Behavioral Anomaly Detection (NBAD) and Security Information and
Event Management (SIEM) to accurately identify and appropriately prioritize
threats that occur on your network.
View hardware information and requirements for the IBM Security QRadar 2100 in
the following table:
Table 14. IBM Security QRadar 2100 overview
Description Value
Basic license 25,000 FPM
1000 EPS
Upgraded license
50,000 FPM
Interfaces Three 10/100/1000 Base-T network monitoring interfaces
For diagrams and information about the front and back panel of this appliance, see
QRadar 2100, QRadar Event Collector 1501, and all QRadar Flow Processor
Appliances on page 23.
View hardware information and requirements for the QRadar 3105 in the following
table:
Table 15. QRadar 3105 overview
Description Value
Basic license 25,000 FPM
1000 EPS
Upgraded license 200,000 FPM
5,000 EPS
Network objects 1000
Log sources 750
Interfaces Two 10/100/1000 Base-T network monitoring interfaces
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
You can expand the capacity of the QRadar 3105 (All-in-One) beyond license-based
upgrade options by upgrading to the QRadar 3105 (Console) appliance and adding
one or more of the following appliances:
v QRadar Event Processor 1605 on page 9
v QRadar Flow Processor 1705 on page 10
v QRadar 1805 on page 12
The QRadar 3105 (Console) appliance you can use to manage a distributed
deployment of Event Processors and Flow Processors to profile network behavior
and identify network security threats.
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
View hardware information and requirements for the QRadar 3128 (All-in-One) in
the following table:
Table 16. QRadar 3128 (All-in-One)
Description Value
Basic license 25,000 FPM
1000 EPS
Upgraded license 300,000 FPM
15,000 EPS
Network objects Up to 1,000, depending on the license
Log sources 750 (add more devices with a licensing option)
Interfaces One 2-port Emulex 8Gb FC
The QRadar 3128 (All-in-One) requires external QRadar QFlow Collectors for layer
7 network activity monitoring.
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
You can expand the capacity of the QRadar3128 (All-in-One) appliance beyond
license-based upgrade options by upgrading to the QRadar 3128 (Console)
appliance and adding one or more of the following appliances:
v QRadar Event Processor 1628 on page 10
v QRadar Flow Processor 1728 on page 11
v QRadar Flow Processor 1828 on page 12
The QRadar 3128 (Console) appliance you can use to manage a distributed
deployment of Event Processors and Flow Processors to profile network behavior
and identify network security threats.
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
The QRadar Log Manager 1605 is a distributed Event Processor appliance and
requires a connection to a QRadar Log Manager 3105 appliance.
View hardware information and requirements for the QRadar Log Manager 1605 in
the following table:
Table 17. QRadar Log Manager 1605
Description Value
Basic license 2,500 EPS
Upgraded license 20,000 EPS
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
The QRadar Log Manager 1628 is a distributed Event Processor appliance and
requires a connection to a QRadar Log Manager 3105 appliance.
View hardware information and requirements for the QRadar Log Manager 1628 in
the following table:
Table 18. QRadar Log Manager 1628
Description Value
Basic license 20,000 EPS
Upgraded license 40,000 EPS
Interfaces One 2-port Emulex 8Gb FC
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
View hardware information and requirements for the IBM Security QRadar Log
Manager 2100 in the following table:
Table 19. IBM Security QRadar Log Manager 2100 overview
Description Value
Basic license 1000 EPS
Log sources 750
Interfaces Three 10/100/1000 Base-T network monitoring interfaces
IBM Security QRadar Log Manager 2100 includes external flow collection.
For diagrams and information about the front and back panel of this appliance, see
QRadar 2100, QRadar Event Collector 1501, and all QRadar Flow Processor
Appliances on page 23.
View hardware information and requirements for the QRadar Log Manager 3105 in
the following table:
1000 EPS
Upgraded license 200,000 FPM
5,000 EPS
Interfaces Two 10/100/1000 Base-T network monitoring interfaces
You can upgrade your license to migrate your QRadar Log Manager 3105
(all-in-one) to QRadar 3105 (all-in-one). For more information, see the Migrating
QRadar Log Manager to QRadar SIEM Technical Note.
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
View hardware information and requirements for the QRadar Log Manager 3128
(All-in-One) in the following table:
Table 21. QRadar Log Manager 3128 (All-in-One)
Description Value
Basic license 1,000 EPS
You can upgrade your license to migrate your QRadar Log Manager 3128
(all-in-one) appliance to QRadar 3128 (all-in-one). For more information about
migrating QRadar Log Manager to QRadar SIEM, see the Migrating QRadar Log
Manager to QRadar SIEM Technical Note.
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
You can expand the capacity of the QRadar Log Manager 3128 (all-in-one)
appliance beyond license-based upgrade options by upgrading to the QRadar Log
Manager 3128 (Console) appliance and adding one or more of the following
appliances:
v QRadar Log Manager 1605 on page 16
v QRadar Log Manager 1628 on page 17
You can upgrade your license to migrate your QRadar Log Manager 3128
(Console) appliance to QRadar Log Manager 3128 (Console). For more information,
see the Migrating QRadar Log Manager to QRadar SIEM Technical Note .
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
View hardware information and requirements for the QRadar Risk Manager in the
following table:
Table 23. QRadar Risk Manager in the following table
Description Value
Interfaces Two 10/100/1000 Base-T network monitoring interfaces
For diagrams and information about the front and back panel of this appliance, see
QRadar Appliances on page 26.
QRadar 2100, QRadar Event Collector 1501, and all QRadar Flow
Processor Appliances
Review the information about the front and back panel features for appliances to
confirm proper connectivity and functionality.
v QRadar 2100 on page 13 (4380-Q1C).
v QRadar QFlow Collector 1202 on page 5 (4380-Q3C).
v QRadar QFlow Collector 1301 on page 6 (4380-Q4C).
v QRadar QFlow Collector 1310 on page 7 (4380-Q5C).
v QRadar Event Collector 1501 on page 8, QRadar QFlow Collector 1201 on
page 5 (4380-Q2C).
v QRadar Log Manager 2100 on page 18 (4380-Q1C).
The following figure shows the front panel indicators and features of the QRadar
Core Appliances 4380-QxC.
The following figure shows the back panel features of the QRadar Core Appliances
4380 (4380-QxC).
Figure 2. Back panel features of the QRadar Core Appliances 4380 (4380-QxC)
The following figure shows the front panel indicators and features of QRadar and
all IBM Security QRadar Core Appliances 4380-QxE.
The following figure shows the back panel features of the QRadar Core Appliances
4380-QxE.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user's responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law:
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
IBM Corporation
170 Tracer Lane,
Waltham MA 02451, USA
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
All statements regarding IBM's future direction or intent are subject to change or
withdrawal without notice, and represent goals and objectives only.
All IBM prices shown are IBM's suggested retail prices, are current and are subject
to change without notice. Dealer prices may vary.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
If you are viewing this information softcopy, the photographs and color
illustrations may not appear.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corporation in the United States, other countries,
or both. If these and other IBM trademarked terms are marked on their first
occurrence in this information with a trademark symbol ( or ), these symbols
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks
of others.
Depending upon the configurations deployed, this Software Offering may use
session cookies that collect each users session id for purposes of session
management and authentication. These cookies can be disabled, but disabling them
will also eliminate the functionality they enable.
If the configurations deployed for this Software Offering provide you as customer
the ability to collect personally identifiable information from end users via cookies
and other technologies, you should seek your own legal advice about any laws
applicable to such data collection, including any requirements for notice and
consent.
For more information about the use of various technologies, including cookies, for
these purposes, See IBMs Privacy Policy at http://www.ibm.com/privacy and
IBMs Online Privacy Statement at http://www.ibm.com/privacy/details the
section entitled Cookies, Web Beacons and Other Technologies and the IBM
Software Products and Software-as-a-Service Privacy Statement at
http://www.ibm.com/software/info/product-privacy.
Notices 31
32 QRadar Hardware Guide
Glossary
This glossary provides terms and definitions for derived by the examination of packet
the [product name] software and products. payload and then used to identify a
specific application.
The following cross-references are used in this
ARP See Address Resolution Protocol.
glossary:
v See refers you from a nonpreferred term to the ARP Redirect
preferred term or from an abbreviation to the An ARP method for notifying the host if a
spelled-out form. problem exists on a network.
v See also refers you to a related or contrasting ASN See autonomous system number.
term.
asset A manageable object that is either
deployed or intended to be deployed in
For other terms and definitions, see the IBM
an operational environment.
Terminology website (opens in new window).
autonomous system number (ASN)
A B C D on page 34 E on page 34 F In TCP/IP, a number that is assigned to
on page 34 G on page 35 H on page 35 I an autonomous system by the same
on page 35 K on page 36 L on page 36 M central authority that assigns IP
on page 36 N on page 36 O on page 37 P addresses. The autonomous system
on page 37 Q on page 37 R on page 37 S number makes it possible for automated
on page 38 T on page 38 V on page 39 W routing algorithms to distinguish
on page 39 autonomous systems.
A B
accumulator behavior
A register in which one operand of an The observable effects of an operation or
operation can be stored and subsequently event, including its results.
replaced by the result of that operation.
bonded interface
active system See link aggregation.
In a high-availability (HA) cluster, the
burst A sudden sharp increase in the rate of
system that has all of its services running.
incoming events or flows such that the
Address Resolution Protocol (ARP) licensed flow or event rate limit is
A protocol that dynamically maps an IP exceeded.
address to a network adapter address in a
local area network.
C
administrative share
A network resource that is hidden from CIDR See Classless Inter-Domain Routing.
users without administrative privileges. Classless Inter-Domain Routing (CIDR)
Administrative shares provide A method for adding class C Internet
administrators with access to all resources Protocol (IP) addresses. The addresses are
on a network system. given to Internet Service Providers (ISPs)
anomaly for use by their customers. CIDR
A deviation from the expected behavior of addresses reduce the size of routing tables
the network. and make more IP addresses available
within organizations.
application signature
A unique set of characteristics that are client A software program or computer that
requests services from a server.
Glossary 35
log source
K Either the security equipment or the
key file network equipment from which an event
In computer security, a file that contains log originates.
public keys, private keys, trusted roots, log source extension
and certificates. An XML file that includes all of the
regular expression patterns required to
L identify and categorize events from the
event payload.
L2L See Local To Local.
L2R See Local To Remote. M
LAN See local area network. magistrate
LDAP See Lightweight Directory Access An internal component that analyzes
Protocol. network traffic and security events
against defined custom rules.
leaf In a tree, an entry or node that has no
children. magnitude
A measure of the relative importance of a
Lightweight Directory Access Protocol (LDAP) particular offense. Magnitude is a
An open protocol that uses TCP/IP to weighted value calculated from relevance,
provide access to directories that support severity, and credibility.
an X.500 model and that does not incur
the resource requirements of the more
complex X.500 Directory Access Protocol N
(DAP). For example, LDAP can be used to
NAT See network address translation.
locate people, organizations, and other
resources in an Internet or intranet NetFlow
directory. A Cisco network protocol that monitors
network traffic flow data. NetFlow data
link aggregation
includes the client and server information,
The grouping of physical network
which ports are used, and the number of
interface cards, such as cables or ports,
bytes and packets that flow through the
into a single logical network interface.
switches and routers connected to a
Link aggregation is used to increase
network. The data is sent to NetFlow
bandwidth and network availability.
collectors where data analysis takes place.
live scan
network address translation (NAT)
A vulnerability scan that generates report
In a firewall, the conversion of secure
data from the scan results based on the
Internet Protocol (IP) addresses to
session name.
external registered addresses. This enables
local area network (LAN) communications with external networks
A network that connects several devices but masks the IP addresses that are used
in a limited area (such as a single inside the firewall.
building or campus) and that can be
network hierarchy
connected to a larger network.
A type of container that is a hierarchical
Local To Local (L2L) collection of network objects.
Pertaining to the internal traffic from one
network layer
local network to another local network.
In OSI architecture, the layer that
Local To Remote (L2R) provides services to establish a path
Pertaining to the internal traffic from one between open systems with a predictable
local network to another remote network. quality of service.
network object
A component of a network hierarchy.
O Q
offense QID Map
A message sent or an event generated in A taxonomy that identifies each unique
response to a monitored condition. For event and maps the events to low-level
example, an offense will provide and high-level categories to determine
information on whether a policy has been how an event should be correlated and
breached or the network is under attack. organized.
offsite source
A device that is away from the primary R
site that forwards normalized data to an
event collector. R2L See Remote To Local.
Glossary 37
manually or automatically at timed SNMP
intervals that updates the current network See Simple Network Management
activity data. Protocol.
relevance SOAP A lightweight, XML-based protocol for
A measure of relative impact of an event, exchanging information in a
category, or offense on the network. decentralized, distributed environment.
SOAP can be used to query and return
Remote To Local (R2L)
information and invoke services across
The external traffic from a remote
the Internet.
network to a local network.
standby system
Remote To Remote (R2R)
A system that automatically becomes
The external traffic from a remote
active when the active system fails. If disk
network to another remote network.
replication is enabled, replicates data from
report In query management, the formatted data the active system.
that results from running a query and
subnet
applying a form to it.
See subnetwork.
report interval
subnet mask
A configurable time interval at the end of
For internet subnetworking, a 32-bit mask
which the event processor must send all
used to identify the subnetwork address
captured event and flow data to the
bits in the host portion of an IP address.
console.
subnetwork (subnet)
routing rule
A network that is divided into smaller
A condition that when its criteria are
independent subgroups, which still are
satisfied by event data, a collection of
interconnected.
conditions and consequent routing are
performed. sub-search
A function that allows a search query to
rule A set of conditional statements that
be performed within a set of completed
enable computer systems to identify
search results.
relationships and run automated
responses accordingly. superflow
A single flow that is comprised of
multiple flows with similar properties in
S order to increase processing capacity by
scanner reducing storage constraints.
An automated security program that system view
searches for software vulnerabilities A visual representation of both primary
within web applications. and managed hosts that compose a
secondary HA host system.
The standby computer that is connected
to the HA cluster. The secondary HA host T
assumes responsibility of the primary HA
host if the primary HA host fails. TCP See Transmission Control Protocol.
severity Transmission Control Protocol (TCP)
A measure of the relative threat that a A communication protocol used in the
source poses on a destination. Internet and in any network that follows
the Internet Engineering Task Force (IETF)
Simple Network Management Protocol (SNMP)
standards for internetwork protocol. TCP
A set of protocols for monitoring systems
provides a reliable host-to-host protocol in
and devices in complex networks.
packet-switched communication networks
Information about managed devices is
and in interconnected systems of such
defined and stored in a Management
networks. See also Internet Protocol.
Information Base (MIB).
V
violation
An act that bypasses or contravenes
corporate policy.
vulnerability
A security exposure in an operating
system, system software, or application
software component.
W
whois server
A server that is used to retrieve
information about a registered Internet
resources, such as domain names and IP
address allocations.
Glossary 39
40 QRadar Hardware Guide
Index
A descriptions (continued)
QRadar 2100 13
G
about this guide v QRadar 2100 Light 14 glossary 33
appliance descriptions 5 QRadar 3105 (Base) 14
appliance diagrams 23 QRadar 3105 (Console) 15
QRadar 3124 (Base) 15, 19 P
QRadar 3124 (Console) 16 panel features and indicators 23
D QRadar Log Manager 1605 16
descriptions QRadar Log Manager 1628 17
Integrated Management Module
QFlow 1201 5
23 QRadar Log Manager 2100 18
QRadar Log Manager 2100 Light 18
Q
QRadar Log Manager 3105 (Base) 18 QRadar Risk Manager 22
QFlow 1202 5
QFlow 1301 6 QRadar Log Manager 3124
QFlow 1310 7 (Console) 20
QRadar 1400 Data node 7 QRadar Vulnerability Manager 21 S
QRadar 1501 8 diagrams safety instructions 1
QRadar 1605 9 QFlow appliance back panel 24
QRadar 1628 10 QFlow appliance front panel 23
QRadar 1705 11
QRadar 1728 11
QRadar 2100 back panel 24
QRadar 2100 front panel 23
W
QRadar appliance back panel 27 what's new, hardware 3
QRadar 1805 12
QRadar 1828 12 QRadar appliance front panel 26