Upgrading the app

Upgrade the IBM® QRadar SOAR Plug-in app to take advantage of new capabilities, defect fixes, and updated workflows. The upgrade process includes installing the app the same way that you would for a clean installation. After the new app version is installed, you have to verify the app configuration settings.

You can use either the IBM QRadar Assistant app or the Extensions Management tool to upgrade. To complete the upgrade process, you must go into the app configuration pages and run the verification process. All QRadar SOAR Plug-in processes and actions are stopped until the verification process is complete.

When you upgrade from QRadar SOAR Plug-in 4.x to 5.x, the following changes are made:
  • Inbound destinations are created in the SOAR environment.
  • Inbound connection and destinations are created on the QRadar Console.
  • The poller process is deprecated and turned off.
  • The app is configured to use an API key account for authentication.
  • Special characters or white spaces in template names will be replaced with `_`.

Before you begin

If you are upgrading to QRadar SOAR Plug-in 5.0, prepare for the upgrade by completing these tasks.
  • Ensure that both the IBM QRadar and SOAR deployments meet the minimum system requirements.
  • If you are running an older version of the app, upgrade to QRadar SOAR Plug-in 4.1.0 before you install 5.0.
  • Install the IBM QRadar SOAR Plug-in 5.x content pack from the IBM Security App Exchange.
  • Use QRadar Console or App Host to create a backup of your existing configuration files by making a copy of the /store/docker/volumes/<plugin_app_id> folder.
  • Ensure that you have SOAR API key credentials for authentication. Username and password are no longer supported.
  • Copy the SOAR CA certificates to the QRadar Console to allow access to the SOAR inbound destinations.

    For more information, see Configuring access to the inbound destinations.

You must be a QRadar administrator to upgrade the app.

To upgrade by using the Extensions Management tool, you must have an IBMid to download the app archive from the IBM Security App Exchange.

About this task

To upgrade from QRadar SOAR Plug-in 5.x to newer version:

  1. Download the app from IBM Security App Exchange.
  2. Complete the installation processes.
  3. Go to Configuration.
  4. Click Migrate and configure, and then click Save.

Procedure

  1. If you are upgrading to QRadar SOAR Plug-in 5.x from 4.1, you can use IBM QRadar Assistant to install the QRadar SOAR Plug-in app.

    The IBM QRadar Assistant app must be configured on the QRadar Console to use this method.

    If you are upgrading to earlier versions of the app, you must download the app from IBM Security App Exchange and install it by using the Extensions Management tool.

    1. In QRadar, click the icon to open the IBM QRadar Assistant app.
    2. On the Applications tab, find the QRadar SOAR Plug-in app.
    3. On the Details Summary page, click See Full Description.
    4. Click Install.
    For more information, see the QRadar Assistant app documentation.
  2. To install the app by using the Extensions Management tool, follow these steps:
    1. Download the QRadar SOAR Plug-in app from the IBM Security App Exchange (https://apps.xforce.ibmcloud.com/) onto your local computer.
    2. On the QRadar navigation menu (), click Admin.
    3. In the System Configuration section, click Extensions Management.
    4. Click Add to upload the app.
    5. Click Browse and locate to find the QRadar SOAR Plug-in .zip file.
    6. Select Install immediately and then click Add.

      You might have to wait several minutes before your app becomes active.

    7. When prompted, choose Replace Existing Items to preserve the data and application configuration, and then click Install.
    8. When the app status changes to Upgrade, click OK to finish installing the app.
    Existing QRadar SOAR Plug-in processes and actions are paused until the app is configured.
  3. Open the app to complete the upgrade and verify the configuration.

    You might have to refresh your browser window in order for the QRadar SOAR Plug-in app to appear on the QRadar Console.

    1. On the Admin tab, in the IBM QRadar SOAR Plugin section, click Configuration.

      On the Access tab, the Upgrade is required message is shown.

    2. Click Upgrade and Configure.

      When this process is complete, a message appears at the end of the page.

    3. If you upgraded to QRadar SOAR Plug-in 5.x, you might have to provide the following configuration information.
      • Provide the SOAR API Key ID and API Key Secret to be used for authentication.
      • If you are connecting to SOAR for IBM Cloud Pak® for Security, you might have to provide the cases-stomp and cases-openwire information again.
    4. Click Verify and configure and then click Save.

What to do next

Follow the instructions in Configuration to configure the QRadar SOAR Plug-in app.