Before you begin
In an MSSP deployment, you must specify a GID when you install the QRadar EDR Agent, otherwise the endpoint registration fails.
Procedure
- Click .
- Select a Hive Package.
- For a 64-bit Windows endpoint, click
Hive Package.
- For a 32-bit Windows endpoint, click
Hive Package
(32).
- Click Installer Download.
- Click Download.
Tip: Select groups in the Parameters
section to get the group IDs that you need when you run the installer.
- If you are installing the QRadar EDR Agent on an endpoint that is not the same endpoint
where you downloaded the agent, copy the installer file to the other endpoint.
- Run the installer.
Table 1. QRadar EDR Dashboard parameters
Parameter |
Description |
URL |
Your QRadar EDR Dashboard server
URL, including the port. Note: If your QRadar EDR Dashboard server uses port 443, you don't
need to include the port.
|
Group IDs |
A comma-separated list of group IDs. At least one group ID is required in
MSSP deployments. |
Proxy |
If you are using a proxy to access QRadar EDR Dashboard, enter the proxy URL and port.
It must be a nonauthenticated proxy. |
Installer |
The file name of the installer that you downloaded. |
msiexec /I <installer>.msi IPFORM="<URL> --gids <group_IDs>" /qb
Results
The agent is installed on the endpoint, and it automatically registers
the endpoint in QRadar EDR Dashboard if it has an internet
connection.