How To
Summary
IBM QRadar EDR (formerly ReaQta) remains committed to maintaining the highest security standards by ensuring the safest communication protocols are in place. QRadar EDR enforces the use of TLS 1.2 to secure the connection between endpoints and the server. This technote describes the steps to check and ensure that your endpoints can communicate safely by using TLS 1.2.
Environment
QRadar EDR 3.9.0+
Steps
An installed Windows endpoint that is unable to communicate over TLS 1.2 appears “offline” in the Dashboard:
- Verify whether the endpoint is powered on and able to use the network to reach the QRadar EDR server.
- Verify whether the local service “keeper” is running, from the Windows command line:
  sc query keeper
- Check whether the endpoint requirements are met.
- If the issue persists, contact support.
An endpoint that is not yet installed and has TLS 1.2 issues is unable to register:
- The agent registration logs show "Backend communication problem".
  - Information on how to view the agent registration logs can be found here
- Verify whether you're running one of the following legacy Windows operating systems:
  - Windows 7
  - Windows Server 2008 R2
  - Windows Server 2012 R2
- The operating systems in the previous step do not support TLS 1.2 natively. Therefore, it is necessary to apply all the latest Microsoft Windows Updates.
- Once the updates are completed, refer to the following Microsoft page to ensure TLS 1.2 is correctly configured: Update to enable TLS 1.1 and TLS 1.2 as default
- The required enabled ciphers are: EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
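A read-only check that follows the steps above, as an added example (not IBM's code): it reports the keeper service state, the SChannel and WinHTTP registry values that Microsoft documents for TLS 1.2, and then attempts a TLS 1.2 handshake. Assumptions: the server name edr.example.invalid and port 443 are placeholders, the technote does not state that the agent honors these system-wide settings, and the handshake test needs .NET Framework 4.5 or later.

```powershell
# Added example, not IBM code: read-only TLS 1.2 readiness check for a Windows endpoint.
$Server = 'edr.example.invalid'   # placeholder: your QRadar EDR server hostname
$Port   = 443                     # assumed HTTPS port

# 1. Agent service state (service name "keeper" comes from the technote).
$svc = Get-Service -Name 'keeper' -ErrorAction SilentlyContinue
if ($svc) { "keeper service: $($svc.Status)" } else { 'keeper service: not installed' }

# 2. SChannel client switches for TLS 1.2. An absent key means the OS default applies.
$sch = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$p = Get-ItemProperty -Path $sch -ErrorAction SilentlyContinue
if ($p) {
    "SChannel TLS 1.2 Client: Enabled=$($p.Enabled) DisabledByDefault=$($p.DisabledByDefault)"
    if ($p.Enabled -eq 0 -or $p.DisabledByDefault -eq 1) { '  -> TLS 1.2 is switched off for clients' }
} else {
    'SChannel TLS 1.2 Client key: absent (OS default applies)'
}

# 3. WinHTTP default protocol bitmask: 0x800 is TLS 1.2, 0x200 is TLS 1.1.
$wh = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
$d = (Get-ItemProperty -Path $wh -ErrorAction SilentlyContinue).DefaultSecureProtocols
if ($null -eq $d) {
    'WinHTTP DefaultSecureProtocols: not set'
} else {
    'WinHTTP DefaultSecureProtocols: 0x{0:X} (TLS 1.2 bit set: {1})' -f $d, [bool]($d -band 0x800)
}

# 4. Handshake restricted to TLS 1.2. Certificate validation stays on, so an
#    untrusted server certificate is reported as a failure as well.
$ssl = $null
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Server, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
    $ssl.AuthenticateAsClient($Server, $null, $tls12, $false)
    'Handshake OK: {0}, cipher {1} ({2} bit)' -f $ssl.SslProtocol, $ssl.CipherAlgorithm, $ssl.CipherStrength
} catch {
    "Handshake failed: $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

The negotiated cipher printed by step 4 can be compared against the required cipher list above.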
Document Location
Worldwide
Product Synonym
ReaQta
Document Information
Modified date:
11 May 2023
UID
ibm16827923