IBM Support

Master Firmware Version List for QRadar Appliances (Updated)

Release Notes


Abstract

Administrators looking for the latest firmware downloads can review this page to locate firmware updates for QRadar appliances. The installation instructions include a direct download link to the firmware from IBM Fix Central.

Content

This page is a landing page for content about firmware updates for QRadar appliances. Each table includes links for administrators to navigate to the release notes. The release notes for the firmware include tabs, typically an About tab to describe the firmware update and an Installation tab with the procedure for administrators. Every release note includes a download link for IBM Fix Central to download the required firmware update.


Recent releases (change list)

  • April 10, 2019: Release of M5 firmware version 3.3.0 for IMM (remote) and USB (on-premise) installs
  • March 15, 2019: Added a special notice for M5 v3.2.1 firmware for a Samsung SSD drive issue reported in the field.
  • January 22, 2019: Added links to newly published IBM Security Bulletins for M3 v2.2.0, M4 v5.2.0, and M5 v3.2.1 firmware.
  • January 13/14, 2019: Added the release of new M3 (v2.2.0) and M4 (v5.2.0) firmware versions.
  • Dec 5, 2018: Added M5 firmware v3.2.1. An IMM or USB installation method is available for this firmware update.
  • August 13, 2018: Added M3 firmware v2.1.0.
  • June 28, 2018: Added a note about IMM 3.70 and M5 IP address and user issue.
  • June 11, 2018: Added known issue text for M4 2U IMM/ISO v5.0.0 release.
  • June 7, 2018: Updated article to add new M4 firmware release v5.0.0.
  • May 24, 2018: Updated article to add new M5 firmware release v3.0.2.


 

1. What are 1U or 2U form factor appliances?


QRadar 1U form factor appliances: 12xx, 13xx, 15xx, 21xx


QRadar 2U form factor appliances: 16xx, 17xx, 18xx, 31xx

 

2. Upgrade Progression for QRadar Appliance Firmware

 

Administrators who want to upgrade their firmware should install the latest firmware version available as shown in the table below.

The only issue that administrators might experience when updating an appliance is an IMM firmware version that does not meet the minimum requirements. This should not affect most administrators, because the firmware update contains multiple revisions of IMM and the update process attempts to install them before it launches the main firmware update. If you attempt to install the latest firmware package and it does not allow you to update because the IMM is too old, the BoMC utility displays errors for IMM and UEFI. Any time you experience an error upgrading firmware, contact QRadar Support for assistance.

 

 
| M5 firmware releases | What version do I install to update? |
|---|---|
| 3.3.0 | Latest released version |
| 3.2.1 | Install firmware v3.3.0 |
| 3.0.2 | Install firmware v3.3.0 |
| 2.1.0 | Install firmware v3.3.0 |
| 1.0 (Factory release) | Install firmware v3.3.0 |

| M4 firmware releases | What version do I install to update? |
|---|---|
| 5.2.0 | Latest released version |
| 5.0 (USB) & 5.0.1 (ISO/IMM) | Install firmware v5.2.0 |
| 4.1.0 (2U) & 4.0.1 (1U) | Install firmware v5.2.0 |
| 3.0.0 | Install firmware v5.2.0 |
| 2.0.3 | Install firmware v5.2.0 |
| 1.1 | Install firmware v5.2.0 |
| 1.0 (Factory release) | Install firmware v5.2.0 |

| M3 firmware releases | What version do I install to update? |
|---|---|
| 2.2.0 | Latest released version |
| 2.1.0 | Install firmware v2.2.0 |
| 1.0 (Factory release) | Install firmware v2.2.0 |
 
 

3. Where can I find CVE Related Information for Updates?

Newer firmware versions include a change list and the CVEs resolved by the firmware update. The change list is attached to the release notes; however, the change lists are also packaged with the EXE file for the firmware update. Administrators can extract the EXE and review \BootableMediaCreatorv\workingdir\ to view all of the provided change files. The .chg files contain all notes and readme information for each firmware update, listed by category, such as IMM, UEFI/DSA, RAID controller, etc. Change files (.chg) attached to the release notes can be opened in any text editor, such as Notepad++ or WordPad.
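One way to review extracted change files for CVE coverage, as an added example that is not IBM tooling: it scans every .chg file under a directory and reports which of the CVEs named on this page each file mentions. The file names and file contents in the sample are constructed, and the script assumes only that .chg files are plain text containing CVE identifiers.

```python
import re
import tempfile
from pathlib import Path

# CVE identifiers in the usual CVE-YYYY-NNNN form (four or more digits).
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# CVEs this page names in its firmware notes and security bulletin notices.
REQUIRED = {"CVE-2018-3639", "CVE-2018-3640", "CVE-2017-5715"}


def read_text_lenient(path):
    """Decode a change file without failing on UTF-16 or stray bytes."""
    raw = path.read_bytes()
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")


def cves_by_file(workdir):
    """Map each .chg file (relative path) to the sorted CVE ids it mentions."""
    root = Path(workdir)
    found = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() == ".chg":
            text = read_text_lenient(path)
            ids = {f"CVE-{year}-{num}" for year, num in CVE_RE.findall(text)}
            found[path.relative_to(root).as_posix()] = sorted(ids)
    return found


def coverage(found, required=REQUIRED):
    """Return (covered, missing) for the required CVE ids."""
    covered = {}
    for name, ids in found.items():
        for cve in ids:
            if cve in required:
                covered.setdefault(cve, []).append(name)
    missing = sorted(set(required) - set(covered))
    return covered, missing


def build_sample(root):
    """Write constructed sample files; this is not real change-file content."""
    (root / "uefi").mkdir()
    (root / "imm2_sample.chg").write_text(
        "Version 9.99 (constructed)\nFixes: cve-2018-3639 mitigation\n",
        encoding="utf-8")
    (root / "uefi" / "uefi_sample.CHG").write_text(
        "Security: CVE-2017-5715, CVE-2018-3639 (constructed)\n",
        encoding="utf-16")
    # Not a .chg file, so the scan ignores it.
    (root / "readme.txt").write_text("CVE-2018-3640\n", encoding="utf-8")


def demo():
    """Scan the constructed sample and return (found, covered, missing)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        found = cves_by_file(tmp)
        covered, missing = coverage(found)
        return found, covered, missing


if __name__ == "__main__":
    found, covered, missing = demo()
    for name, ids in found.items():
        print(name, ", ".join(ids) or "(no CVE ids)")
    print("missing from change files:", ", ".join(missing) or "none")
```

To check a real bundle, pass the extracted working directory to `cves_by_file` and set `REQUIRED` to the CVEs from the bulletin you are remediating.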

For more information, see:

 

4. Installation types: remote (IMM) versus on-premise (USB)

The latest firmware updates use the Integrated Management Module (IMM) to upgrade firmware, because remote management interfaces are available to most administrators: first update the IMM by using a .uxz file, then mount and boot from the firmware ISO. This gives administrators more flexibility to update appliance firmware remotely, whereas the USB installer is intended for on-premise (local) appliance updates. The latest versions of USB firmware releases use a .IMG file and a bootable USB key utility, such as Rufus, to create a USB key that can be used to update firmware on the QRadar appliance. Not all administrators have a Windows workstation to create the USB drives or are allowed USB drives in their data centers, so two upgrade types are provided for update flexibility.

Some older firmware versions use the IBM Bootable Media Creator, instead of .IMG files and Rufus, to create bootable USB drives. The following table outlines the Windows operating systems that can be used to create a bootable USB drive for each firmware version. The newest method of creating a bootable USB drive uses an IMG file and Rufus; the older method used the IBM Bootable Media Creator utility. Each of these bootable media tools has Windows operating system restrictions, so that information is provided below. Administrators who do not have access to a Windows workstation can use the IMM instructions to update their QRadar xSeries appliances.


Bootable USB drive software and Windows OS version support

| M5 Firmware | USB install type | Supports Windows XP/Vista | Supports Windows 7? | Supports Windows 8/10? |
|---|---|---|---|---|
| 3.3.0 | IMG file/Rufus Bootable Media Creator | No | Yes | Yes |
| 3.2.1 | IMG file/Rufus Bootable Media Creator | No | Yes | Yes |
| 3.0.2 | IBM Bootable Media Creator | No | Yes | Yes |
| 2.1.0 | IBM Bootable Media Creator | No | Yes | Yes |
| 1.0 (Factory) | IBM Bootable Media Creator | No | Yes | Yes |

| M4 Firmware | USB install type | Supports Windows XP/Vista | Supports Windows 7? | Supports Windows 8/10? |
|---|---|---|---|---|
| 5.2.0 | IMG file/Rufus Bootable Media Creator | No | Yes | Yes |
| 5.0 & 5.0.1 | IBM Bootable Media Creator | No | Yes | No |
| 4.1.0 (2U) & 4.0.1 (1U) | IBM Bootable Media Creator | No | Yes | No |
| 3.0.0 | IBM Bootable Media Creator | No | Yes | No |
| 2.0.3 | IBM Bootable Media Creator | No | Yes | No |
| 1.1 | IBM Bootable Media Creator | No | Yes | No |
| 1.0 (Factory) | IBM Bootable Media Creator | No | Yes | No |

| M3 Firmware | USB install type | Supports Windows XP/Vista | Supports Windows 7? | Supports Windows 8/10? |
|---|---|---|---|---|
| 2.2.0 | IMG file/Rufus Bootable Media Creator | No | Yes | Yes |
| 2.1.0 | IBM Bootable Media Creator | No | Yes | Yes |
| 1.0 | IBM Bootable Media Creator | No | Yes | No |
 
 

5. Master Firmware Version List for M5 Appliances

Administrators can use the table below to locate the proper firmware for their M5 appliance. This firmware bundle can be installed on any QRadar M5 appliance and will work for both 1U and 2U form factors. If you are unsure or have questions, you can ask a question in our forums ( http://ibm.biz/qradarforums ) or contact support.

IMPORTANT: Administrators with M5 appliances and IMM version 3.70 might experience an issue where the firmware update can reset the IP address configuration or user configuration on the remote management device (IMM). Verify the IP address for your IMM before you update. If you need to reconfigure your IP address, you might need a Console or crash cart connection to the appliance if you use IMM as a primary method to SSH or remotely manage your QRadar appliance.

 
| Firmware version | Server type | Machine type | Form factor | Appliances | Installation instructions |
|---|---|---|---|---|---|
| 3.3.0 | x3550 M5 and x3650 M5 | MT 8871 and MT 8869 | 1U and 2U | 4412-Q1E - IBM QRadar xx05 G3; 4412-Q4D - IBM QRadar Event Collector 1501 G3; 4412-F4Y - IBM QRadar Network Insights 1901; 4412-Q2A - IBM QRadar xx29; 4412-Q3B - IBM QRadar xx48; 4412-F1A - IBM QRadar Incident Forensics; 4412-F3F - IBM QRadar Network Insights 1920; 4412-F2C - IBM QRadar Network Packet Capture | IMM / ISO file (remote update instructions); USB / IMG file (on-prem update instructions). This update updates several firmware packages and resolves the Samsung sizing issue on solid state drives (SSDs): FRU 01GR787, Model number MZILS3T8HMLHV3. See: http://ibm.biz/qradarm5ssd for more info on this issue. |
| 3.2.1 | x3550 M5 and x3650 M5 | MT 8871 and MT 8869 | 1U and 2U | 4412-Q1E - IBM QRadar xx05 G3; 4412-Q4D - IBM QRadar Event Collector 1501 G3; 4412-F4Y - IBM QRadar Network Insights 1901; 4412-Q2A - IBM QRadar xx29; 4412-Q3B - IBM QRadar xx48; 4412-F1A - IBM QRadar Incident Forensics; 4412-F3F - IBM QRadar Network Insights 1920; 4412-F2C - IBM QRadar Network Packet Capture | IMM / ISO file (remote update instructions); USB / IMG file (on-prem update instructions). Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins: |
| 3.0.2 | x3550 M5 and x3650 M5 | MT 8871 and MT 8869 | | 4412-Q1E - IBM QRadar xx05 G3; 4412-Q4D - IBM QRadar Event Collector 1501 G3; 4412-F4Y - IBM QRadar Network Insights 1901; 4412-Q2A - IBM QRadar xx29; 4412-Q3B - IBM QRadar xx48; 4412-F1A - IBM QRadar Incident Forensics; 4412-F3F - IBM QRadar Network Insights 1920; 4412-F2C - IBM QRadar Network Packet Capture | ISO / IMM (remote update instructions). NOTE: This update resolves multiple security vulnerabilities, including CVE-2017-5715 as reported in the firmware release notes. At this time USB installs are not available. Administrators must use their Integrated Management Module (IMM) to update M5 xSeries firmware until further notice. |
| 2.1.0 | x3550 M5 and x3650 M5 | MT 8871 and MT 8869 | 1U and 2U | 4412-Q1E - IBM QRadar xx05 G3; 4412-Q4D - IBM QRadar Event Collector 1501 G3; 4412-F4Y - IBM QRadar Network Insights 1901; 4412-Q2A - IBM QRadar xx29; 4412-Q3B - IBM QRadar xx48; 4412-F1A - IBM QRadar Incident Forensics; 4412-F3F - IBM QRadar Network Insights 1920; 4412-F2C - IBM QRadar Network Packet Capture | ISO / IMM (remote update instructions) |
| 1.0.0 (Factory) | x3550 M5 and x3650 M5 | MT 8871 and MT 8869 | 1U and 2U | 4412-Q1E - IBM QRadar xx05 G3; 4412-Q4D - IBM QRadar Event Collector 1501 G3; 4412-F4Y - IBM QRadar Network Insights 1901; 4412-Q2A - IBM QRadar xx29; 4412-Q3B - IBM QRadar xx48; 4412-F1A - IBM QRadar Incident Forensics; 4412-F3F - IBM QRadar Network Insights 1920; 4412-F2C - IBM QRadar Network Packet Capture | N/A (Factory install) |
 
 

6. Master Firmware Version List for M4 Appliances

Administrators can use the table below to locate the proper firmware for their M4 appliance. Administrators should always install the latest firmware. Prerequisites are listed in the release notes, but administrators should attempt to update, unless they do not meet the minimum requirements. In situations where you do not meet a prerequisite, you can ask a question in our forums (http://ibm.biz/qradarforums) or contact support (https://ibm.com/mysupport).

 
| Firmware version | Server type | Machine type | Form factor | Appliances | Installation type |
|---|---|---|---|---|---|
| 5.2.0 (Latest) | x3650 M4 BD | 5466 | 2U | 4380-Q1E - IBM QRadar xx05 G2; 4380-Q2E - IBM QRadar xx28 G2; 4531-G1E - IBM QRadar Incident Forensics xx28; 4531-G2E - IBM QRadar Packet Capture xx28; 4531-G3E - IBM QRadar Packet Capture Data Node xx28 | ISO / IMM (remote update instructions); USB Drive (local update instructions). Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins: |
| 5.2.0 (Latest) | x3550 M4 | 7914 | 1U | 4380-Q1C - IBM QRadar 2100 G2; 4380-Q2C - IBM QFlow Collector 1201 /1501 G2; 4380-Q3C - IBM QFlow Collector 1202; 4380-Q4C - IBM QFlow Collector 1301; 4380-Q5C - IBM QFlow Collector 1310-SR; 4380-Q6C - IBM QFlow Collector 1310-LR | ISO / IMM (remote update instructions); USB Drive (local update instructions). Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins: |
| 5.0.1 ISO/IMM; 5.0 USB (Superseded by 5.2.0) | x3650 M4 BD | 5466 | 2U | 4380-Q1E - IBM QRadar xx05 G2; 4380-Q2E - IBM QRadar xx28 G2; 4531-G1E - IBM QRadar Incident Forensics xx28; 4531-G2E - IBM QRadar Packet Capture xx28; 4531-G3E - IBM QRadar Packet Capture Data Node xx28 | NOTE: This update resolves multiple security vulnerabilities, including CVE-2017-5715 as reported in the firmware release notes. ISO / IMM (remote update instructions); USB Key (local update instructions). NOTE: The ISO/IMM firmware version 5.0.0 has been replaced by version 5.0.1 to resolve an issue where the model type list did not display when attempting to update a M4 2U appliance over IMM. This issue is resolved and links are updated in the release notes to direct users to firmware 5.0.1 on Fix Central. |
| 5.0 (Superseded by 5.2.0) | x3550 M4 | 7914 | 1U | 4380-Q1C - IBM QRadar 2100 G2; 4380-Q2C - IBM QFlow Collector 1201 /1501 G2; 4380-Q3C - IBM QFlow Collector 1202; 4380-Q4C - IBM QFlow Collector 1301; 4380-Q5C - IBM QFlow Collector 1310-SR; 4380-Q6C - IBM QFlow Collector 1310-LR | ISO / IMM (remote update instructions); USB Key (local update instructions). NOTE: This update resolves multiple security vulnerabilities, including CVE-2017-5715 as reported in the firmware release notes. |
| 4.1.0 (Superseded by 5.2.0) | x3650 M4 BD | 5466 | 2U | 4380-Q1E - IBM QRadar xx05 G2; 4380-Q2E - IBM QRadar xx28 G2; 4531-G1E - IBM QRadar Incident Forensics xx28; 4531-G2E - IBM QRadar Packet Capture xx28; 4531-G3E - IBM QRadar Packet Capture Data Node xx28 | ISO / IMM (remote update instructions) |
| 4.0.1 (Superseded by 5.2.0) | x3550 M4 | 7914 | 1U | 4380-Q1C - IBM QRadar 2100 G2; 4380-Q2C - IBM QFlow Collector 1201 /1501 G2; 4380-Q3C - IBM QFlow Collector 1202; 4380-Q4C - IBM QFlow Collector 1301; 4380-Q5C - IBM QFlow Collector 1310-SR; 4380-Q6C - IBM QFlow Collector 1310-LR | ISO / IMM (remote update instructions) |
| 3.0.0 (Superseded by 5.2.0) | x3650 M4 BD | 5466 | 2U | 4380-Q1E - IBM QRadar xx05 G2; 4380-Q2E - IBM QRadar xx28 G2; 4531-G1E - IBM QRadar Incident Forensics xx28; 4531-G2E - IBM QRadar Packet Capture xx28; 4531-G3E - IBM QRadar Packet Capture Data Node xx28 | 2U Link |
| 3.0.0 (Superseded by 5.2.0) | x3550 M4 | 7914 | 1U | 4380-Q1C - IBM QRadar 2100 G2; 4380-Q2C - IBM QFlow Collector 1201 /1501 G2; 4380-Q3C - IBM QFlow Collector 1202; 4380-Q4C - IBM QFlow Collector 1301; 4380-Q5C - IBM QFlow Collector 1310-SR; 4380-Q6C - IBM QFlow Collector 1310-LR | 1U Link |
| 2.0.3 (Superseded by 5.2.0) | x3550 M4 | 7914 | 1U | 4380-Q1C - IBM QRadar 2100 G2; 4380-Q2C - IBM QFlow Collector 1201 /1501 G2; 4380-Q3C - IBM QFlow Collector 1202; 4380-Q4C - IBM QFlow Collector 1301; 4380-Q5C - IBM QFlow Collector 1310-SR; 4380-Q6C - IBM QFlow Collector 1310-LR | Link |
| 2.0.3 (Superseded by 5.2.0) | x3650 M4 BD | 5466 | 2U | 4380-Q1E - IBM QRadar xx05 G2; 4380-Q2E - IBM QRadar xx28 G2; 4531-G1E - IBM QRadar Incident Forensics xx28; 4531-G2E - IBM QRadar Packet Capture xx28; 4531-G3E - IBM QRadar Packet Capture Data Node xx28 | Link |
| 1.1 (Superseded by 5.2.0) | x3550 M4 | 7914 | 1U | 4380-Q1C - IBM QRadar 2100 G2; 4380-Q2C - IBM QFlow Collector 1201 /1501 G2; 4380-Q3C - IBM QFlow Collector 1202; 4380-Q4C - IBM QFlow Collector 1301; 4380-Q5C - IBM QFlow Collector 1310-SR; 4380-Q6C - IBM QFlow Collector 1310-LR | Link |
| 1.1 (Superseded by 5.2.0) | x3650 M4 BD | 5466 | 2U | 4380-Q1E - IBM QRadar xx05 G2; 4380-Q2E - IBM QRadar xx28 G2; 4531-G1E - IBM QRadar Incident Forensics xx28; 4531-G2E - IBM QRadar Packet Capture xx28; 4531-G3E - IBM QRadar Packet Capture Data Node xx28 | Link |
| 1.0 (Superseded by 5.2.0) | x3550 M4 | 7914 | 1U | Firmware version 1.0 was replaced with firmware 1.1. Firmware 1.1 contains the same firmware update files and includes an easier installation method using a USB drive. | N/A (Factory install) |
| 1.0 (Superseded by 5.2.0) | x3650 M4 BD | 5466 | 2U | Firmware version 1.0 was replaced with firmware 1.1. Firmware 1.1 contains the same firmware update files and includes an easier installation method using a USB drive. | N/A (Factory install) |
 

 

7. Master Firmware Version List for M3 Appliances

Administrators can use the table below to locate the proper firmware for their M3 appliance. IBM does not publish remote update (IMM/ISO) instructions for M3 appliances at this time, and administrators with M3 appliances are required to use a USB drive to complete firmware updates. If you have questions about the firmware release, you can ask a question in our forums ( http://ibm.biz/qradarforums ) or contact support.

 
| Firmware version | Server type | Machine type | Form factor | Appliances | Installation instructions |
|---|---|---|---|---|---|
| 2.2.0 (Latest) | x3550 M3 | 7944 | 1U | 4378-Q21 - IBM QRadar 2100; 4378-QC1 - IBM QFlow Collector 1201; 4378-QC2 - IBM QFlow Collector 1202; 4378-QSR - IBM QFlow Collector 1301; 4378-QLR - IBM QFlow Collector 1302; 4378-QD1 - IBM Event Collector 1501 | USB Drive Installation Instructions. Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins: |
| 2.2.0 (Latest) | x3630 M3 | 7377 | 2U | 4379-Q05 - IBM QRadar xx05 G1; 4379-Q24 - IBM QRadar xx24 G1 | USB Drive Installation Instructions. Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins: |
| 2.1 (Superseded by 2.2.0) | x3550 M3 | 7944 | 1U | 4378-Q21 - IBM QRadar 2100; 4378-QC1 - IBM QFlow Collector 1201; 4378-QC2 - IBM QFlow Collector 1202; 4378-QSR - IBM QFlow Collector 1301; 4378-QLR - IBM QFlow Collector 1302; 4378-QD1 - IBM Event Collector 1501 | USB Drive Installation Instructions |
| 2.1 (Superseded by 2.2.0) | x3630 M3 | 7377 | 2U | 4379-Q05 - IBM QRadar xx05 G1; 4379-Q24 - IBM QRadar xx24 G1 | USB Drive Installation Instructions |
| 1.0 (Superseded by 2.2.0) | x3550 M3 | 7944 | 1U | 4378-Q21 - IBM QRadar 2100; 4378-QC1 - IBM QFlow Collector 1201; 4378-QC2 - IBM QFlow Collector 1202; 4378-QSR - IBM QFlow Collector 1301; 4378-QLR - IBM QFlow Collector 1302; 4378-QD1 - IBM Event Collector 1501 | USB Drive Installation Instructions |
| 1.0 | x3630 M3 | 7377 | 2U | 4379-Q05 - IBM QRadar xx05 G1; 4379-Q24 - IBM QRadar xx24 G1 | USB Drive Installation Instructions |
 

 

8. Installing Firmware on HA Appliances

8a: Setting the Secondary Active

Before you attempt to install any firmware, the administrator must set the primary offline and wait for the secondary appliance to become active. This process will take 5-10 minutes to complete depending on your hardware and appliance type.

  1. Click the Admin tab.
  2. Click the System and License Management icon.
  3. Select the HA primary appliance. This is the system that you want to set to offline.
  4. From the toolbar, select High Availability > Set System Offline.
  5. Wait for the (primary) appliance Host Status column to display Offline.
  6. Verify that the Host Status for the secondary displays Active.
  7. To verify the primary is offline, SSH to the primary appliance.
  8. From the command line, type service hostcontext status.
  9. Verify the status displays stopped.

    Results
    You are now ready to update the M3 firmware on the primary (Offline) appliance.

8b: Installing Firmware on the Primary

  1. Insert the USB drive that has the bootable image into the QRadar appliance.
  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.
  3. From the command prompt, type: reboot.
  4. As the appliance is rebooting, press the F12 key to select a boot device.
  5. Select the bootable firmware image, for example, USB Storage, and press Enter.
  6. When prompted, select the Updates option and complete the firmware installation.

8c: Setting the Primary Active

The administrator must set the secondary offline and wait for the status of the primary appliance to change from Standby to Active. This process will take 5-10 minutes to complete depending on your hardware and appliance type.

  1. Click the Admin tab.
  2. Click the System and License Management icon.
  3. Verify the Primary HA appliance is in standby.
  4. If the Primary is in the offline state, right-click the Primary appliance and select Set System Online.
  5. Select the HA secondary appliance. The secondary is the system that you want to set to offline.
  6. From the toolbar, select High Availability > Set System Offline.
  7. Wait for the secondary appliance Host Status column to display Offline.
  8. Wait for the primary appliance Host Status column to transition from Standby to Active.
  9. To verify the primary is offline, SSH to the primary appliance.
  10. From the command line, type service hostcontext status.
  11. Verify the status is stopped.

8d: Installing Firmware on the Secondary

  1. Insert the USB drive that has the bootable image into the QRadar appliance.
  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.
  3. From the command prompt, type: reboot.
  4. As the appliance is rebooting, press the F12 key to select a boot device.
  5. Select the bootable firmware image, for example, USB Storage, and press Enter.
  6. When prompted, select the Updates option and complete the firmware installation.

8e: Setting the Secondary to Standby

  1. Click the Admin tab.
  2. On the navigation menu, click System Configuration.
  3. Click the System and License Management icon.
  4. Verify the secondary HA appliance is in standby.
  5. If the secondary is in the offline state, right-click the secondary appliance and select Set System Online.

    Results
    The secondary is in Standby and the primary appliance is Online. The firmware update is complete. If you have additional questions, ask us in our forums at http://ibm.biz/qradarforums or open a support ticket with QRadar Support.

Original Publication Date

30 September 2016


Document Information

Modified date:
03 July 2019

UID

swg27047121