When deploying QRadar on an All-in-One Appliance, which function cannot be performed?

In an All-in-One Appliance deployment of QRadar, certain functions are consolidated to optimize performance and management. In this setup, the appliance can handle multiple roles, including that of an Event Processor and a Flow Collector, allowing it to process real-time events and flows simultaneously. However, Risk Manager is a specific function that is not supported in this deployment model.

Risk Manager typically requires dedicated resources for vulnerability management and risk assessment, which might not be feasible on an All-in-One Appliance. This function often requires better scalability, more resource allocation, and isolation from other tasks to operate efficiently. Therefore, it is typically deployed in more advanced architectures where dedicated appliances can handle such specialized roles independently from the standard event processing or flow collection tasks.

By understanding the limitations of the All-in-One Appliance structure, it becomes clear why the Risk Manager function cannot be performed within this setup. This distinction helps ensure that users can appropriately plan their QRadar deployment based on the functional needs of their security operations.