IBM Support

Release of the QRadar Incident Forensics 7.4.0 ISO (7.4.0-QRADAR-QIFFULL-20200304205308)

Release Notes


Abstract

A list of the installation instructions, new features, and resolved issues for the release of QRadar Incident Forensics 7.4.0 (7.4.0-QRADAR-QIFFULL-20200304205308) ISO. These instructions are intended for administrators who want to install QRadar Incident Forensics 7.4.0 by using an ISO file.

Content

Known Issues

Known issues in QRadar 7.4.0
Product Component Number Description
QRADAR EVENTS IJ23194 EVENT COLLECTION CAN STOP ON EVENT COLLECTORS DUE TO INCORRECT PIPELINEDISKMONITOR FREE SPACE CALCULATION

Resolved issues

For a list of APAR links of resolved issues in QRadar Incident Forensics 7.4.0, see Authorized Program Analysis Reports.

Some APAR links might take 24 hours to display properly after a software release is posted to IBM Fix Central.

Resolved issues in QRadar Incident Forensics 7.4.0
Product Component Number Description
QRADAR SECURITY BULLETIN CVE-2020-4274 IBM QRadar SIEM is vulenrable to Authorization bypass
QRADAR SECURITY BULLETIN CVE-2020-4272 IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects
QRADAR SECURITY BULLETIN CVE-2020-4271 IBM QRadar SIEM is vulnerable to PHP object injection
QRADAR SECURITY BULLETIN CVE-2020-4270 IBM QRadar SIEM is vulnerable to privilege escalation
QRADAR SECURITY BULLETIN CVE-2020-4294 IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF)
QRADAR SECURITY BULLETIN CVE-2020-4269 IBM QRadar SIEM contains hard-coded credentials
QRADAR SECURITY BULLETIN CVE-2020-4272 IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects
QRADAR SECURITY BULLETIN CVE-2020-4151 IBM QRadar SIEM is vulnerable to improper input validation
QRADAR SECURITY BULLETIN CVE-2019-2989 Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM
QRADAR SECURITY BULLETIN CVE-2019-4654 IBM QRadar SIEM is vulnerable to invalid certificate validation
QRADAR SECURITY BULLETIN CVE-2019-4593 IBM QRadar SIEM is vulnerable to information exposure
QRADAR SECURITY BULLETIN CVE-2019-4594 IBM QRadar SIEM is vulnerable to information exposure
QRADAR SECURITY BULLETIN CVE-2017-3164 IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
QRADAR SECURITY BULLETIN CVE-2019-11135 IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs

About this installation

These instructions are intended to assist you when you install QRadar Incident Forensics 7.4.0 by using an ISO file. These instructions inform you how to update your deployment to the latest version. For more information, see the QRadar Incident Forensics Installation Guide .

The QRadar Incident Forensics 7.4.0 ISO (7.4.0-QRADAR-QIFFULL-20200304205308) can install QRadar Incident Forensics 7.4.0. However, this document does not cover all of the installation messages and requirements, such as changes to memory requirements or browser requirements for QRadar Incident Forensics.

Part 1. Installing the QRadar Incident Forensics 7.4.0 ISO

These instructions guide you through the process of installing QRadar Incident Forensics 7.4.0.

Note: Installing the software update for the first time will require more time than previous releases. This is a result of architectural changes in QRadar V7.4.0.

Procedure

  1. Download the QRadar Incident Forensics 7.4.0 ISO (5.5 GB) from the IBM Fix Central website: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=All&platform=All&function=fixId&fixids=7.4.0-QRADAR-QIFFULL-2019.18.0.20200304205308&includeSupersedes=0&source=fc
  2. Use SSH to log in to the Console as the root user.
    NOTE: When you log in, the SSH session should display 7.4.0 as the Console's version. This is verification that the QRadar Console has been updated to 7.4.0, which is required before you update your Incident Forensics appliance.
  3. Open an SSH session to the QRadar Incident Forensics appliance.
  4. To run the ISO installer, type the following command: /media/dvd/setup

    Important: Installing QRadar Incident Forensics 7.4.0 can take 1 to 2 hours to complete on the appliance.

  5. Wait for the installation to complete.
Results

A summary of the ISO installation advises you of any issues. If there are no issues, you can now SSH to managed hosts and start the installer on each host to run the setup in parallel.

Part 2. Installation wrap-up

  1. After all hosts are updated, send an email to your team to inform them that they will need to clear their browser cache before they log in to the QRadar Incident Forensics SIEM interface.
  2. To unmount the /media/dvd directory, type: umount /media/dvd
  3. Delete the ISO from the appliance.
  4. Review any static routes or customized routing. As mentioned in the administrator notes, all routes were removed and will need to be reconfigured after the upgrade completes.
  5. Review any iptable rules that are configured should be reviewed as the interface names have changed in QRadar Incident Forensics 7.4.0 due to the Red Hat Enterprise 7 operating system updates. Update any iptables rules that use Red Hat 6 interface naming conventions.

Where do I find more information?


[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Component":"Release Notes","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.4","Edition":"All Editions"}]

Document Information

Modified date:
23 April 2020

UID

ibm15692244