IBM Support

Release of the QRadar Network Insights 7.4.0 ISO (7.4.0-QRADAR-QNIFULL-20200304205308)

Release Notes


Abstract

A list of the installation instructions, new features, and resolved issues for the release of QRadar Network Insights 7.4.0 (7.4.0-QRADAR-QNIFULL-20200304205308) ISO. These instructions are intended for administrators who want to install QRadar Network Insights 7.4.0 by using an ISO file.

Content

Known Issues

Known issues in QRadar 7.4.0
Product Component Number Description
QRADAR EVENTS IJ23194 EVENT COLLECTION CAN STOP ON EVENT COLLECTORS DUE TO INCORRECT PIPELINEDISKMONITOR FREE SPACE CALCULATION

Resolved issues

For a list of APAR links of resolved issues in QRadar 7.4.0, see Authorized Program Analysis Reports.

Some APAR links might take 24 hours to display properly after a software release is posted to IBM Fix Central.

Resolved issues in QRadar Network Insights 7.4.0
Product Component Number Description
QRADAR SECURITY BULLETIN CVE-2020-4274 IBM QRadar SIEM is vulenrable to Authorization bypass
QRADAR SECURITY BULLETIN CVE-2020-4272 IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects
QRADAR SECURITY BULLETIN CVE-2020-4271 IBM QRadar SIEM is vulnerable to PHP object injection
QRADAR SECURITY BULLETIN CVE-2020-4270 IBM QRadar SIEM is vulnerable to privilege escalation
QRADAR SECURITY BULLETIN CVE-2020-4294 IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF)
QRADAR SECURITY BULLETIN CVE-2020-4269 IBM QRadar SIEM contains hard-coded credentials
QRADAR SECURITY BULLETIN CVE-2020-4272 IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects
QRADAR SECURITY BULLETIN CVE-2020-4151 IBM QRadar SIEM is vulnerable to improper input validation
QRADAR SECURITY BULLETIN CVE-2019-2989 Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM
QRADAR SECURITY BULLETIN CVE-2019-4654 IBM QRadar SIEM is vulnerable to invalid certificate validation
QRADAR SECURITY BULLETIN CVE-2019-4593 IBM QRadar SIEM is vulnerable to information exposure
QRADAR SECURITY BULLETIN CVE-2019-4594 IBM QRadar SIEM is vulnerable to information exposure
QRADAR SECURITY BULLETIN CVE-2017-3164 IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
QRADAR SECURITY BULLETIN CVE-2019-11135 IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs

What's new

For information on what's new in QRadar products for version 7.4.0, see the following information: https://www.ibm.com/support/knowledgecenter/SS42VS_7.4.0/com.ibm.qradar.doc/c_qradar_ov_whats_new_740.html

About this installation

These instructions are intended to assist you when you install QRadar Network Insights 7.4.0 by using an ISO file.

Part 1. Installing the QRadar Network Insights 7.4.0 ISO

These instructions guide you through the process of installing QRadar Network Insights 7.4.0.
Note: Installing the software update for the first time will require more time than previous releases. This is a result of architectural changes in QRadar V7.4.0.

Procedure

  1. Download the QRadar Network Insights 7.4.0 ISO (5+ GB) from the IBM Fix Central website: https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+QRadar+Network+Insights&fixids=7.4.0-QRADAR-QNIFULL-2019.18.0.20200304205308&source=SAR&function=fixId&parent=IBM%20Security
    NOTE: QRadar Incident Forensics and QRadar Network Insights use separate ISO files to install 7.4.0.
  2. Use SSH to log in to the Console as the root user.
  3. Use SSH to log in to the QRadar Network Insights appliance.
  4. To run the ISO installer on the Console, type the following command: /media/cdrom/setup
    Important: Installing QRadar Network Insights 7.4.0 can take approximately 1 to 2 hours.

  5. Wait for the installation to complete.
Results

A summary of the ISO installation advises you of any issues. If there are no issues, you can now SSH to managed hosts and start the installer on each host to run the setup in parallel.

Part 2. Installation wrap-up

  1. After all hosts are updated, send an email to your team to inform them that they will need to clear their browser cache before they log in to the QRadar Network Insights SIEM interface.
  2. To unmount the /media/cdrom directory on all hosts, type: umount /media/cdrom"
  3. Delete the ISO from all appliances.
  4. Review any static routes or customized routing. As mentioned in the administrator notes, all routes were removed and will need to be reconfigured after the upgrade completes.
  5. Review any iptable rules that are configured should be reviewed as the interface names have changed in QRadar Network Insights 7.4.0 due to the Red Hat Enterprise 7 operating system updates. Update any iptables rules that use Red Hat 6 interface naming conventions.

Where do I find more information?


[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Release Notes","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.4","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
23 April 2020

UID

ibm15692262