Upgrading QRadar Use Case Manager
To take advantage of new capabilities, defect fixes, and updated workflows, upgrade to new versions of the IBM® QRadar® Use Case Manager app. Use either the Extensions Management tool in IBM® QRadar® or the IBM QRadar Assistant app to upgrade the app.
Before you begin
About this task
In QRadar Use Case Manager 2.3.0 or later, the Cyber Adversary Framework Mapping app is no longer required. QRadar Use Case Manager detects the presence of the Cyber Adversary Framework Mapping app and prompts you to uninstall the app on the configuration page. QRadar Use Case Manager gathers any existing mappings from the Cyber Adversary Framework Mapping app during installation. If you continue to use the Cyber Adversary Framework Mapping app to edit MITRE mappings, any new or updated mappings are not added to QRadar Use Case Manager and the data becomes out of sync. In that case, you must manually export and import the mappings into QRadar Use Case Manager.
- If the IBM QRadar Assistant app is configured on QRadar, use the following instructions to install the QRadar Use Case Manager app: QRadar Assistant app (https://www.ibm.com/support/knowledgecenter/SS42VS_latest/com.ibm.apps.doc/t_qradar_adm_assistant_download.html).
- If the QRadar
Assistant app is not configured, download the QRadar Use Case
Manager app archive from the IBM Security App
Exchange (https://apps.xforce.ibmcloud.com/) onto your local computer. You must have an IBM ID to access the App
- On the Admin tab, click Extension Management.
- In the Extension Management page, click Add and select the app archive that you want to upload to the console.
- Select the Install immediately checkbox.
Important: You might have to wait several minutes before your app becomes active. When the installation is complete, clear your browser cache and refresh the browser window before you use the app.
- On the page that prompts you to update the current app version, leave the Replace existing items option selected, and click Install.
- After the installation is complete, go to .
- On the Configuration page, click Uninstall to
remove the Cyber Adversary Framework Mapping
app from your
environment. All of your previous MITRE-mappings are preserved.
- After the Cyber Adversary Framework Mapping app is removed, export your MITRE mappings as a backup copy, in case you delete the QRadar Use Case Manager app later. If you uninstall QRadar Use Case Manager later, all of the mappings are deleted from your environment.
In deployments where QRadar User Behavior Analytics 4.1.0 or later and QRadar Use Case Manager 3.2.0 or later are both installed, the two apps automatically communicate with each other. The rules from QRadar User Behavior Analytics are integrated into the QRadar Use Case Manager app for further investigation and tuning.