IBM Support

QRadar EDR (formerly ReaQTa): TLS 1.2 Support for Windows Agents

How To


Summary

IBM QRadar EDR (formerly ReaQTa) remains committed to maintaining the highest security standards by ensuring that the safest communication protocols are in place. QRadar EDR enforces the use of TLS 1.2 to secure the connection between endpoints and the server. This technote describes the steps to check and ensure that your endpoints can communicate safely by using TLS 1.2.

Environment

QRadar EDR 3.9.0+

Steps

An installed Windows endpoint that is unable to communicate over TLS 1.2 appears “offline” in the Dashboard:
  1. Verify whether the endpoint is powered on and able to use the network in order to reach the QRadar EDR server.
  2. Verify whether the local service “keeper” is running from the Windows command line:
    sc query keeper
  3. Check whether the endpoint requirements are met.
  4. If the issue persists, contact support.
An endpoint that is not yet installed and has TLS 1.2 issues is unable to register:
  1. The agent registration logs show Backend communication problem
    • Information on how to view the agent registration logs can be found here
  2. Verify whether you're running one of the following legacy Windows operating systems:
    • Windows 7
    • Windows Server 2008 R2
    • Windows Server 2012 R2
  3. The operating systems in the previous step do not support TLS 1.2 natively. Therefore, it's necessary to apply all the latest Microsoft Windows Updates.
  4. Once the updates are completed, refer to the following Microsoft page in order to ensure TLS 1.2 is correctly configured: Update to enable TLS 1.1 and TLS 1.2 as default
  5. Required enabled ciphers are: EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
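
The checks above can be gathered in one read-only pass on the endpoint. The following PowerShell is an added example, not part of the IBM technote or the QRadar EDR agent. It assumes the Microsoft-documented SChannel and WinHTTP registry locations, which this page does not list, and the function names are hypothetical. Only the service name “keeper” comes from the steps above.

```powershell
# Added example: read-only audit of TLS 1.2 client settings on a Windows endpoint.
# Registry locations are the Microsoft-documented SChannel and WinHTTP keys
# (an assumption of this example; the technote itself does not list them).

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function New-Finding {
    param([string]$Setting, $Value, [string]$State)
    New-Object PSObject -Property @{ Setting = $Setting; Value = $Value; State = $State } |
        Select-Object Setting, Value, State
}

function Test-Tls12ClientConfig {
    # The "keeper" service named in the technote.
    $svc = Get-Service -Name 'keeper' -ErrorAction SilentlyContinue
    if ($null -eq $svc) { New-Finding 'Service keeper' $null 'NotInstalled' }
    else                { New-Finding 'Service keeper' $svc.Status 'Installed' }

    # SChannel: explicit per-protocol switches for the client role.
    $sch = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
    $enabled  = Get-RegDword $sch 'Enabled'
    $disabled = Get-RegDword $sch 'DisabledByDefault'
    if ($null -eq $enabled -and $null -eq $disabled) { $state = 'NotSet (OS default applies)' }
    elseif ($enabled -eq 0 -or $disabled -eq 1)      { $state = 'Disabled' }
    else                                             { $state = 'Enabled' }
    New-Finding 'SChannel TLS 1.2 Client' "Enabled=$enabled DisabledByDefault=$disabled" $state

    # WinHTTP: DefaultSecureProtocols is a bitmask; 0x800 is the TLS 1.2 bit.
    $roots = 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft'
    foreach ($root in $roots) {
        $path = "$root\Windows\CurrentVersion\Internet Settings\WinHttp"
        $mask = Get-RegDword $path 'DefaultSecureProtocols'
        if ($null -eq $mask)       { $state = 'NotSet (OS default applies)'; $shown = $null }
        elseif ($mask -band 0x800) { $state = 'Includes TLS 1.2'; $shown = '0x{0:X}' -f $mask }
        else                       { $state = 'TLS 1.2 missing';  $shown = '0x{0:X}' -f $mask }
        New-Finding "WinHTTP ($root)" $shown $state
    }
}

Test-Tls12ClientConfig | Format-Table -AutoSize
```

A state of `Disabled` or `TLS 1.2 missing` on one of the legacy operating systems listed above points back to steps 3 and 4 of the registration procedure.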

Document Location

Worldwide


Product Synonym

ReaQta

Document Information

Modified date:
11 May 2023

UID

ibm16827923