Question & Answer
Question
Why is it important to avoid running custom containers using the QRadar Docker Engine ?
Cause
Users may want to run custom or premade containers to extend QRadar’s capabilities with specific functionalities or tools that are not available out-of-the-box or via extensions made using the SDK.
Answer
The QRadar Docker Engine is optimized for QRadar apps to ensure security, stability, and performance. Using it for non-QRadar applications can introduce security vulnerabilities, disrupt resource allocation, and complicate support and compliance. Restricting its use helps maintain operational simplicity and ensures that the engine functions as intended, providing the best performance and reliability for QRadar's specific needs.
Important: This applies to the docker engines on the console and Apphost (If applicable).
Note: Custom applications can be developed using the app framework API and SDK. More information can be found here: Develop an App
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
03 September 2024
UID
ibm17165376