Yes, it can.  The installer supports unattended installation through GPO/SCCM/RMM.

Yes, it is. ReaQta-Hive supports Citrix VDI infrastructures. The agent must be installed on the master image by adding the --vdi parameter option. Make also sure to have enough licenses available before the provisioning. Then, switch off the master image endpoint and provision the infrastructure.

Processor: Intel/AMD 32 and 64 bits. 
Hard disk: 90MB
Minimal memory usage: Approx. 60MB

10MB+

Yes, it does. Connection is mandatory at installation time. ReaQta supports direct connections and simple nonauthenticated proxies. Every solution that performs Man In The Middle, disrupts the connection of the agent.

Intel and AMD.

• Windows:
  
  Workstation: (7 fully updated to 10).
  Server: Windows 2008 R2 (fully updated), Windows 2012 R2 (fully updated) to the most recent ones.
   
• Linux (64bit): Ubuntu(18.04 and higher), CentOS (7), Debian (8), Red Hat Enterprise, and CentOS 8.
• MacOS: from HighSierra onwards.
• Android: from 4.2 onwards.
   

No, it does not. Occasionally you can be prompted with a message box that offers the option to reboot, it can be safely ignored.

ReaQta’s agent does not implement a UI. The solution is centrally handled from the dashboard.

Yes, you do. You need a connection in order to download the signatures.

1. Install the ReaQta-Hive.
2. Enable the Antimalware package from Administration -> Update Manager
3. Enable the Anti-Malware Protected Endpoints module delivery (upper-right corner slider) from Administration -> Antimalware settings.

The license might be no longer valid, contact QRadar EDR support.

1. Collect from the server the following logs:
   
   sudo journalctl CONTAINER_NAME=event-hive > event-hive.log
   sudo journalctl CONTAINER_NAME=elasticsearch > elasticsearch.log
   sudo journalctl CONTAINER_NAME=cassandra > cassandra.log
    
2. Install the following:
   
   sudo apt install fio ioping
    
3. Follow the procedure mentioned below:
   
   sudo systemctl stop reaqta
   sudo fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=/data/fio-test --bs=4k --iodepth=64 --size=4G --readwrite=randrw
4. Collect the file: /data/fio-test
   
   sudo rm -f /data/fio-test
   sudo ioping -c 10 /data
   sudo systemctl start reaqta

No it will not. Benign/Malicious are labels only.

Check with the ReaQta Dashboard administrator if the protection policies are enabled.

• Google Authenticator.
• Authy
• MS Authenticator 

If you are using our postfix config, the issue is typically that mail providers reject those emails by default, since our postfix container does not have reputation, and looks suspicious.

Check the security settings on the account through.

This occurs if the sender and account they put in to the ReaQta email configuration are the same. Many mail providers do not allow you to authenticate with one address then send as another.

QRadar EDR is a next-generation Endpoint Threat Response Platform that, supercharges legacy security through behavioral-based monitoring at the OS/kernel level, which makes it unable to be shut down by attackers.

It uses machine learning to detect when application behavior deviates from a normalized baseline and allows an analyst to analyze, assess, and remediate an attack from within the same platform.

Yes, it can. ReaQta-Hive coexists with any Antivirus solutions to provide an enhancement layer of security, visibility, and control.  However, it is not recommended to have more than 1 antivirus solution installed on the end point, as it can cause conflict and malfunctioning of the security posture on the environment.

No, it is not. In fact, ReaQta is a lightweight system with low RAM consumption (average 20MB) and it is designated to use no more than 1% of CPU.

Yes, you can. You can push configuration or integrate ReaQta with other systems through the ReaQta API.

Use the Forward Alerts configuration in the ReaQta Hive Dashboard UI to configure your Hive server to send alert data to 3rd party solutions.

For more detailed information about it, follow the next link:  ReaQta: Sending alerts from ReaQta Hive to a 3rd party SIEM

ReaQta-Hive detects threats based on behaviors only. Hence, you can copy a malware into a machine (PC) and if it is executed - but if it is not malicious or if it is inactive, ReaQta-Hive does not trigger any incident. There is no business impact to the user in such a scenario. But if you run/execute the malware, there will be an event log (regardless of whether suspicious or not) so threat hunting allows you to find information about the suspicious application.

Collect the log created in %TEMP% (C:\Users\<Username>\AppData\Local\Temp) that begins with rqt (rqt_installer), and provide the file to ReaQta support.

For more detailed information about 'Registration Failed' error messages visit: ReaQta: Troubleshooting registration errors that occur during client installation

17 = Hypervisor disabled.
-7 = VT-X not enabled or AVAST or Hyper-V.
-5 = CPU does not meet hypervisor requirements.
-3 = No consecutive memory segment.
11 = Other hypervisor present.
12 = Allocation failed.
13 = NanoOS Startup failed.
14 = DeviceIO failed.
15 = Internal error.
16 = Unknow error.
18/19 = Version not supported.
900/999 = Driver communication error (outdated machine). 
9999 =  Hypervisor not started.

1. Take one of the Endpoint names and the timestamp of when this happens, verify whether it can be reproduced and report the steps.
2. Collect the following files:
   
   C:\Windows\Minidump
   C:\Windows\MEMORY.DMP (not always available).
    
3. Sent data to ReaQta Support.

1. Check connectivity and determinate whether the endpoint is able to reach the backend server or not. 
2. If the service keeper is stopped, attempt a service restart.
3. If it appears “stop pending”, kill and restart it.

1. Check if Keeper is running during the uninstallation, if yes, terminate Keeper process.
2. If the corresponding endpoint entry is still available from the dashboard side, uninstalls it.

From console:

systemctl keeperx status