IBM VEST Workshops
30 min
Last updated 06/10/2023

Advanced Lab Setup

Introduction

The QRadar SIEM labs that come after this lab require demo scripts and sample data files that are not included in the virtual QRadar environment used for the previous lab. We need to download a zip file directly to the QRadar server and unpack it.

If you are using the WireGuard VPN configured in 101: QRadar Demo Setup to access the demo environment then you can perform the following activities from your workstation. If you have not configured VPN access you can perform the activities from the jump server.

Download the Zip File

  1. Log into the QRadar server:

    ssh root@172.16.60.10
    bash

    The password is: "Q1d3m0".

  2. Create a directory for the extended lab data file:

    cd /labfiles
    bash
    mkdir extended
    bash
    cd extended
    bash
  3. Download the zip file from IBM Cloud Object Storage:

    curl https://s3.us-south.cloud-object-storage.appdomain.cloud/jeffa-qradar-siem-labfiles/labfiles.zip -o labfiles.zip
    bash

    The above command is longer than the text widget, so make sure to use the copy icon to copy the full text.

  4. Uncompress the file:

    unzip labfiles.zip
    bash
  5. This is a big file, so let's remove the zip file to free up some storage space:

    rm labfiles.zip
    bash

Summary

That's it - the script and data files we'll need for the extended labs are now on the QRadar server.

Let's go have some fun...