In this post, I walk through the process of installing IBM QRadar Community Edition on a Proxmox server in my home lab. This setup helps me explore QRadar’s features, understand its architecture, and gain hands-on experience with one of the most widely used SIEM platforms in cybersecurity. In future blog posts, I’ll dive deeper into building custom rules, tuning detections, and exploring the full range of QRadar’s capabilities to enhance threat detection and incident response.
Note: I tried installing the latest version available, which is 7.5, but ran into multiple issues, shown below. I eventually ended up installing version 7.3.3, which ran without any issues.
Downloading QRadar 7.5.0
To download the Community Edition of QRadar, simply go to this link and click on the Download the ISO button. A new page will open from where you can download the ISO.
Getting Proxmox Ready for VM Creation
It is essential to provide sufficient resources to your VM in Proxmox to run QRadar smoothly. Follow the guidelines here: System Requirements
Creating QRadar VM
Set all the parameters as shown below:
General
Assign a VM ID and a Name
OS
Choose the downloaded ISO
Type: Linux
System
Assign Disk Size (300 GB)
CPU
Select number of cores (8)
Memory
Assign RAM (32 GB)
Click on Finish and then start the VM
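The same wizard settings can also be expressed as a single qm create command on the Proxmox host. The script below is an added example, not part of the original walkthrough: it prints the command for review instead of running it, and it first compares the host's cores and RAM with the sizing above. The storage names (local, local-lvm), the bridge vmbr0, the virtio NIC, the VM ID and name in the usage line, and the ISO file name are assumptions or placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): CLI form of the wizard settings.
# Assumed, not on the page: storages "local"/"local-lvm", bridge "vmbr0",
# a virtio NIC, and the placeholder ISO file name used in the usage line.

QR_CORES=8        # cores, from the post
QR_MEM_MB=32768   # 32 GB RAM, from the post
QR_DISK_GB=300    # disk size in GB, from the post

# Print (do not run) the qm create command so it can be reviewed first.
# Args: VMID NAME ISO_VOLUME [DISK_STORAGE] [BRIDGE]
qradar_qm_cmd() {
    local vmid="$1" name="$2" iso="$3" store="${4:-local-lvm}" bridge="${5:-vmbr0}"
    case $vmid in
        ''|*[!0-9]*) echo "VM ID must be numeric" >&2; return 1 ;;
    esac
    # Proxmox VM IDs start at 100.
    [ "$vmid" -ge 100 ] || { echo "VM ID must be >= 100" >&2; return 1; }
    [ -n "$name" ] && [ -n "$iso" ] || { echo "name and ISO required" >&2; return 1; }
    printf 'qm create %s --name %s --ostype l26 --cores %s --memory %s' \
        "$vmid" "$name" "$QR_CORES" "$QR_MEM_MB"
    printf ' --scsihw virtio-scsi-pci --scsi0 %s:%s' "$store" "$QR_DISK_GB"
    printf ' --ide2 %s,media=cdrom --net0 virtio,bridge=%s\n' "$iso" "$bridge"
}

# Compare host capacity with the VM sizing. Args: HOST_CORES HOST_MEM_MB
# Prints one line per shortfall; returns 1 if anything is short.
qradar_preflight() {
    local cores="$1" mem_mb="$2" rc=0
    if [ "$cores" -lt "$QR_CORES" ]; then
        echo "host has $cores cores, VM is sized for $QR_CORES"; rc=1
    fi
    if [ "$mem_mb" -le "$QR_MEM_MB" ]; then
        echo "host has ${mem_mb} MB RAM, VM alone takes $QR_MEM_MB MB"; rc=1
    fi
    return $rc
}

# Usage on the Proxmox host:
#   ./qradar-vm.sh 120 qradar-ce local:iso/QRADAR_CE_PLACEHOLDER.iso
if [ "$#" -ge 3 ]; then
    qradar_preflight "$(nproc)" \
        "$(awk '/^MemTotal/ {print int($2/1024)}' /proc/meminfo)" || true
    qradar_qm_cmd "$@"
fi
```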
Installing QRadar
Follow the screenshots below until you reach the last step, where you need to set the root user password and then click Finish.
The installation takes anywhere from 30-50 minutes depending on your system. Once done, a login prompt will appear where you can use the root user account to connect to the server.
Issues Experienced with QRadar 7.5.0
1. No Graphical Interface
During the installation, the step where you can assign a static IP, create users, etc. did not show up. Instead, the installer automatically dropped into Text Mode.
Solutions Tried
Changing the Display Hardware in Proxmox
Changing Machine Type
Assigning more resources, i.e. RAM and storage
None of this worked.
Using Text Mode to Set up Users and Configure Network Settings
During reboot, when you see the Menu options, press e to edit boot parameters.
Steps to Boot into Text Mode
Use your arrow keys to move the cursor to the end of the line starting with linux.
The line currently ends with console=tty1.
Add a space and then the number 3.
It should look like: ... console=ttyS0,9600 console=tty1 3.
Press Ctrl-X or F10 to boot with this setting.
Once the installer restarts, it will stop at the screen below, where you can use Text Mode to configure the settings.
This gives you the ability to configure network settings and create users in Text Mode.
Tomcat Issues
Another major issue I ran into with version 7.5.0 was with the Tomcat service. I was able to ping the IP, but the GUI to log in to QRadar wasn’t working. This is where I decided to install version 7.3.3.
QRadar Version 7.3.3
Using the same steps, I was able to install QRadar 7.3.3 without any issues.