Taking the time to complete these steps will ensure a smooth deployment and get the max value of your new QRadar SIEM appliances.
Here are some tips to review before deploying a QRadar SIEM appliance in your environment as quickly and easily as possible.
- Use the KISS principle (Keep It Simple Silly)
- Review your network design – You have to know what your network design looks like, if you want to be able to protect it. You have to know and understand it before you can secure it. It would be best to have a diagram of your network.
- Gather a complete list of your business assests (servers, network devices, applications, personnel, etc.). There should be a detailed list of IP addresses and names of the above-listed equipment, with their function, within your business environment.
- If you have multiple sites, have them listed by name, location and subnets.
- Confirm that you have access to all equipment that will be sending log events or network traffic (Qflow and Netflow). In larger organizations, you may need to arrange times to meet with the owners to have the devices configured to send the required data.
Now you have the necessary information to start the deployment phase of your QRadar SIEM appliance.