IBM®
QRadar® is
configured to prevent login attempts after five attempts from a single host. This default can result
in locking IBM Security QRadar Suite Software out of QRadar. Administrators must change
the default configuration in QRadar before they integrate
QRadar Suite Software and QRadar. Otherwise, the IBM
QRadar Proxy app might be locked out for all
QRadar Suite Software users.
About this task
Configure how hosts and accounts can be locked out of making future login attempts. These
settings control the maximum number of failed login attempts, the allowed failure window, and the
length of time that the host or account will be prevented from making future login attempts.
Procedure
-
Log in to the QRadar
Console, and go to
.
By default, Host
Lockout is enabled, and the default number of login attempts is 5.
- If the QRadar Suite Software cluster uses
Network Address Translation (NAT), add the routable public-facing IP address of the NAT to the
Login Host Whitelist.
- If the QRadar Suite Software cluster is not
NAT-enabled and the worker node IP addresses are routable to the QRadar IP, complete the following
steps:
- Log in to the Red Hat®
OpenShift® cluster and issue the following
oc command:
oc describe nodes -l node-role.kubernetes.io/worker | grep InternalIP: | awk {' print $2 '}
- Add the list of IP addresses that are returned from the command to the
Login Host Whitelist.
- Enable Account Lockout to prevent login attempts after a
configured number of failed attempts for a single user account.
- Click Save Settings.