Installing the stand-alone version

You can install IBM Security QRadar Analyst Workflow on QRadar 7.4.0 or later.

About this task

The following instructions describe the installation process for QRadar versions 7.4.0 to 7.4.3 GA only. For installations with QRadar version 7.4.3 Fix Pack 1 and later, IBM Security QRadar Analyst Workflow is installed as a standard application by using extensions management. For more information, see Installing the UBI app version.

The stand-alone version of QRadar Analyst Workflow requires root access to install. If you are using the command line to enable root user privileges, you must use the following command:
sudo su -
If you use sudo su (without -), full root access is not granted.

Procedure

  1. If you have custom certificates, run the following commands on your QRadar Console, in any directory:
    • update-ca-trust
    • systemctl restart docker
  2. Download the latest version of the QRadarAnalystWorkflow<x.x.x>.zip file from Fix Central. See instructions on the IBM Security App Exchange.
  3. Copy the file onto your QRadar host by using the Linux "secure copy" (scp) command or an FTP client.
    Secure copy example: scp QRadarAnalystWorkflow<x.x.x>.zip <QRadar host>:/<directory>
  4. Type the following command to create a new directory on the QRadar host: mkdir qradar-ui
    Note: If the directory exists from a previous installation, you must delete it before you extract the .zip file.
  5. To extract the latest version of the QRadarAnalystWorkflow<x.x.x>.zip file on your QRadar host, type the following command: rm -rf qradar-ui && unzip QRadarAnalystWorkflow<x.x.x>.zip -d qradar-ui
  6. Run ./qradar-ui/start.sh, then wait for the logs to run.
  7. Access the QRadar Analyst Workflow by using one of the following methods:
    • In the navigation menu, click Try the New UI.
    • Access the new UI in your browser at https://<QRadar IP address>/console/ui.