Advanced Lab Setup

Introduction

The QRadar SIEM labs that come after this lab require demo scripts and sample data files that are not included in the virtual QRadar environment used for the previous lab. We need to download a zip file directly to the QRadar server and unpack it.

If you are using the WireGuard VPN configured in 101: QRadar Demo Setup to access the demo environment then you can perform the following activities from your workstation. If you have not configured VPN access you can perform the activities from the jump server.

Download the Zip File

1. Log into the QRadar server:

   ssh root@172.16.60.10
   bash
   Copy code to clipboard

   The password is: "Q1d3m0".

2. Create a directory for the extended lab data file:

   cd /labfiles
   bash
   Copy code to clipboard

   mkdir extended
   bash
   Copy code to clipboard

   cd extended
   bash
   Copy code to clipboard

3. Download the zip file from IBM Cloud Object Storage:

   curl https://s3.us-south.cloud-object-storage.appdomain.cloud/jeffa-qradar-siem-labfiles/labfiles.zip -o labfiles.zip
   bash
   Copy code to clipboard

   The above command is longer than the text widget, so make sure to use the copy icon to copy the full text.

4. Uncompress the file:

   unzip labfiles.zip
   bash
   Copy code to clipboard

5. This is a big file, so let's remove the zip file to free up some storage space:

   rm labfiles.zip
   bash
   Copy code to clipboard

Summary

That's it - the script and data files we'll need for the extended labs are now on the QRadar server.

Let's go have some fun...