QRadar Network Insights installations on Microsoft Azure

You can send your Microsoft Azure network traffic to IBM® QRadar® Network Insights for content inspection and monitoring.
To deploy QRadar Network Insights on Microsoft Azure, follow this procedure:
  1. Review the minimum system requirements.

    Ensure that the instance that you plan to install can support the flow inspection level that you want to achieve.

  2. Install the QRadar components by using the IBM QRadar SIEM image on Microsoft Azure Marketplace.

    You must install a QRadar Console and a QRadar Network Insights managed host. Other managed hosts, such as flow processors, are optional. For information about how to install QRadar components on Microsoft Azure, see Configuring a Console on Microsoft Azure.

  3. Add the QRadar Network Insights managed host to the QRadar Console.
  4. Configure the flow sources.
  5. Configure a traffic mirroring session.
  6. Verify that the deployment is receiving flow data.

Deployment architecture

The following image shows the traffic flow in a deployment that includes two QRadar Network Insights mirror targets. One QRadar Network Insights instance is used as a flow source for a Flow Processor, while the other instance sends network traffic directly to the QRadar Console.
Figure 1. Example of a QRadar Network Insights deployment
[Graphic: the mirrored traffic flow in a deployment that has a QRadar Console with one Flow Processor and two QRadar Network Insights hosts attached.]