How To
Summary
This article guides you through a simple checklist for assessing whether a QRadar EDR (formerly ReaQta) agent installation was successful.
Objective
Follow a checklist to assess whether the QRadar EDR agent is successfully checking in to the Hive after it is installed.
Steps
- From the endpoint list, make sure that the endpoint on which you just installed the ReaQta agent does not show any icon warning you about an outdated version under the "Status" column.
Good installation:
Bad installation:
- Session times under the "EDR Endpoint Information" section are consistent. A couple of notes to help assess the times:
• “Last heartbeat” is received every 5 minutes.
• Take a look at "Session Ended", as it determines the last heartbeat, which is 5 minutes ahead.
- "Live Response" is working (not grayed out).
- Agent Version information under the "EDR Endpoint Information" is populated.
For Linux Agent:
For Windows Agent:
- Events are displayed under the "Endpoint Activities" section.
Document Location
Worldwide
Product Synonym
ReaQta
Document Information
Modified date:
16 May 2023
UID
ibm16843075