QRADAR QLABS SIEM ARCHITECTURE
QRADAR SIEM APPLIANCES ARCHITECTURE
QRadar SIEM (Security Information & Event Management) collects information that includes:
- Security events: Events from firewalls, virtual private networks, intrusion detection systems, intrusion prevention systems and more
- Network events: Events from switches, routers, servers, hosts and more
- Network activity context: Layer 7 application context from network and application traffic
- User or asset context: Contextual data from identity and access-management products and vulnerability scanners
- Operating system information: Vendor name and version number specifics for network assets
- Application logs: Enterprise resource planning (ERP), workflow, application databases, management platforms and more
All in One
Small/Medium Business/Enterprises
Sold Only Through Channel
Features:
15,000 Flows
200 EPS
250 Log Sources
Built-in QFlow Collector for low-utilization links
Supports SPAN Connection and Accepts 3rd Party Flows
QRadar 2100 Appliance
All in One
Small/Medium Enterprises
Features:
25,000 Flows Base (Option for 50K)
1000 EPS
750 Log Sources
Onboard QFlow for SPAN or Tap
Supports distributed QFlow Collectors
2 TB of Storage
QRadar 31xx Series Appliance
QRadar server
Medium/Large enterprises
Features:
Base: 1K EPS and 25K flows
Upgrade options up to 5K EPS and 200K flows
750 Log Sources
Embedded support for NetFlow and JFlow
For Layer 7 requires external QFlow collectors
Upgradable to 3100 Console through use of 1601 or 1701 Processors and upgrade processor appliance
Dedicated Storage for All Data
3100: 3TB
3105: 6TB
3124: 16TB
QRadar 31xx Appliance (dedicated console)
Large enterprise environment
Scales above 5K EPS and supports distributed processors
Features:
Console dedicated to managing distributed or large QRadar deployments.
Processing and analysis of offenses
Report and view generation
Requires 16XX or 17XX
Dedicated Storage for offenses, reporting, saved searches
3100 Console: 3TB
3105 Console: 6TB
3124 Console: 16TB
QRadar Distributed Architecture
QRadar 16xx Event Processor
Scalable or Distributed Log Collection for large enterprises
Sold with 31XX Console
Features:
2500 EPS Base
2500 EPS Upgrade Options to 10K EPS (20,000 for 1605/24)
Dedicated Storage
1601-3TB
1605-6TB
1624-16TB
QRadar 1701 Flow Processor
Sold with 3100 Distributed Console
Distributed Environments
Supports NetFlow Directory
Supports QFlow Collectors
Features:
100K Flows Base
100K Upgrade Options up to 600K Flows
Dedicated Storage
1701: 3TB
1724: 16TB
QRadar 1801 Event & Flow Processor
Scalable or Distributed Log and Flow Collection for enterprises
Supports NetFlow Directory
Supports QFlow Collectors
Sold with 3100 Console
Features:
1000 EPS
25,000 Flows per minute
Optional upgrade to 50,000 flows
2 TB of onboard storage