Installing the MSRPC protocol on the QRadar Console

You must install the MSRPC protocol RPM on the QRadar® Console before events can be collected from a Windows host.

Before you begin

Ensure that you download the MSRPC protocol RPM from the IBM® Support Website onto your QRadar Console.

Procedure

  1. Log in to the QRadar Console as a root user.
  2. Copy the MSRPC protocol RPM to a directory on the QRadar Console.
  3. Go to the directory where you copied the MSRPC protocol RPM by typing the following command:
    cd <path_to_directory>
  4. Install the MSRPC protocol RPM by typing the following command:
    yum -y install PROTOCOL-WindowsEventRPC-<version_number>.noarch.rpm
  5. From the Admin tab of the QRadar Console, select Advanced > Deploy Full Configuration.
  6. After you deploy the configuration, select Advanced > Restart Web Server.
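
One way to script steps 3 and 4 so that the package is checked before anything is installed as root. This is an added example, not part of the IBM procedure; the function names are hypothetical, and the `rpm -K` integrity check is an extra step that the procedure itself does not list.

```shell
#!/bin/sh
# Added example: pre-install checks for the MSRPC protocol RPM.
# Usage (as root):
#   install_msrpc_rpm <path_to_directory>/PROTOCOL-WindowsEventRPC-<version_number>.noarch.rpm

# Succeeds only if the file name matches the pattern used in step 4:
# PROTOCOL-WindowsEventRPC-<version_number>.noarch.rpm
is_msrpc_rpm_name() {
    case "$(basename -- "$1")" in
        PROTOCOL-WindowsEventRPC-?*.noarch.rpm) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs each check in order and stops at the first failure.
# Return codes: 2 bad name, 3 missing file, 4 not root, 5 failed integrity check.
install_msrpc_rpm() {
    rpm_path=$1

    if ! is_msrpc_rpm_name "$rpm_path"; then
        echo "unexpected package name: $rpm_path" >&2
        return 2
    fi
    if [ ! -f "$rpm_path" ]; then
        echo "not a regular file: $rpm_path" >&2
        return 3
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "must be run as root (step 1)" >&2
        return 4
    fi
    # rpm -K checks the package digests and any signature the package carries.
    if ! rpm -K "$rpm_path"; then
        echo "integrity check failed: $rpm_path" >&2
        return 5
    fi
    # The option is an ASCII hyphen followed by y; a pasted dash character
    # would be treated by yum as a separate argument instead of an option.
    yum -y install "$rpm_path"
}
```

Steps 5 and 6 are still done from the Admin tab after the install succeeds.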