Installing QRadar VA on VirtualBox

Tested with QRadar 7.1 on virtual box 4.2.8

Create a redhat 64 bit VM blank appliance. 32GB minimum disk (either dynamic or static is fine. Allocate 8GB of RAM for all in one SEIM. Link the ISO and boot

  • Select the first option in GRUB (install with VGA), skip checking the media and wait for the redhat install to complete
  • It will reboot at the end. Don’t forget to unlink the ISO image so it boots from the drive
  • Select the first option in GRUB (install QRadar)
  • It will then install actual Q1 components
  • At the end of the installation type “SETUP” to run get QRadar configured
  • Go through the license, and activate. Keep in mind that
  • SIEM All in one - requires 8G
  • Software only - does not need 8Gb but lacks the web console
  • specify server for the time sync - and put in pool.ntp.org on the next one, so you can pause/resume the VM with no issues
  • Specify your VM network parameters and a fake email server (you’ll get mail right on the box by default).
  • Reboot. Browse to the box, you should see the QRadar console come up. Enjoy

Network configs

For bridged (not natted connection) qradar.hq.dom 192.168.1.80 Net 255.255.255.0

DNS 192.168.1.1
emailserver: qradar
root/Passw0rd


Name qradar.domain
IP 10.0.2.10
Net 255.255.255.0
Gateway 10.0.2.2
DNS 10.0.2.3

Email server email.qradar.domain root/admin

Remove vmware tools

yum remove vmware-tools-foundations

Install virtual box tools

click install guest additions mount /dev/cdrom /media/cdrom/VBoxLinuxAdditions.run

Tags: NetSec