Upgrading from QRadar Risk Manager 1.1 Maintenance Release 5 to QRadar Risk Manager 7.0 is a significant update.
You must back up your existing QRadar Risk Manager 1.1, complete a fresh installation of QRadar Risk Manager 7.0, and then restore your data. No QRadar Risk Manager data is lost during the upgrade process.
- You must be running QRadar Risk Manager 1.1 Maintenance Release 5 build 312057. If necessary, you can download and install the latest patch update from the Qmmunity website. This version is required to back up your QRadar Risk Manager data. In the QRadar SIEM user interface, click Help > About to view your QRadar Risk Manager version information. The QRadar Risk Manager version is displayed in the Installed plug-ins list.
- Verify that storage is available for the QRadar Risk Manager 1.1 backup file. The backup file must be copied off the QRadar Risk Manager system during the upgrade to prevent you from losing your device configurations and data. The restore file contains all of the information from your QRadar Risk Manager 1.1 system. The size of the backup file can vary depending on the size and number of devices that are managed by QRadar Risk Manager.
- Ensure that your QRadar SIEM console and QRadar Risk Manager use the same network switch.
All data that is required to restore your data after you upgrade is contained in a backup archive that you create. After the installation of QRadar Risk Manager 7.0 completes, you can restore your QRadar Risk Manager settings and data from the backup archive.
- QRadar Risk Manager activation key
- IP address
- Network mask address
- Subnet mask
- Default gateway address
- Primary Domain Name System (DNS) server address
- Secondary DNS server (optional) address
- Public IP address for networks using Network Address Translation (NAT)
- Email server name
- Network Time Protocol (NTP) server (Console only) or time server name
Download the backup script, risk_manager_backup.sh, from Qmmunity or IBM Support (http://www.ibm.com/support).
<target date> is the date that the backup file was created. The format of the target date is
<timestamp> is the time that the backup file was created. The format of the timestamp is
- Download the QRadar Risk Manager backup script.
- Copy the backup script to the /tmp directory of your QRadar SIEM console.
- Using SSH, log in to your QRadar SIEM console as the root user.
- Type the following command to copy the backup script to QRadar Risk Manager:
scp /tmp/risk_manager_backup.sh root@<QRadar Risk Manager>:/opt/qradar/bin/dbmaint/risk_manager_backup.sh
- The file is copied from the /tmp directory of your QRadar SIEM Console to the /opt/qradar/bin/dbmaint directory of QRadar Risk Manager.
- It can take several minutes for the script to start the backup process. After the script completes, the following message is displayed:
Tue Sep 11 10:14:41 EDT 2012 - Risk Manager Backup complete, wrote /store/qrm_backups/backup-2012-09-11-10-14-39.tgz
CAUTION: The backup file must be stored in a location other than your QRadar Risk Manager appliance. During the upgrade process to QRadar Risk Manager 7.0, the disks are partitioned and all existing data is removed. Use the backup file to recover all of your settings, data, and configuration information after the upgrade to QRadar Risk Manager 7.0 is complete.
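Because the appliance disks are wiped during the upgrade, it is worth proving that the off-appliance copy is intact before you reinstall. The following check is an added example, not part of the IBM procedure or its scripts; it assumes that `sha256sum` and `tar` exist on the storage host and that you recorded the archive's SHA-256 hash on the appliance before copying it. The function name `verify_backup_copy` is hypothetical.

```shell
#!/bin/sh
# Added example: confirm that an off-appliance copy of the backup archive is
# byte-identical to the original and is a readable .tgz.
# Assumption: sha256sum and tar are available on the storage host.

# verify_backup_copy <archive> <expected_sha256>
# Returns 0 if the copy is good, 1 if it is corrupt, 2 if it is missing.
verify_backup_copy() {
    archive=$1
    expected=$2

    if [ ! -f "$archive" ]; then
        echo "missing: $archive" >&2
        return 2
    fi

    # The expected value is the hash recorded on the appliance before the copy.
    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch: $archive" >&2
        return 1
    fi

    # A matching hash only proves the copy equals the original; listing the
    # archive end to end proves the original itself was a complete .tgz.
    if ! tar -tzf "$archive" >/dev/null 2>&1; then
        echo "unreadable archive: $archive" >&2
        return 1
    fi
    return 0
}

# Usage: sh verify_backup.sh <archive> <sha256 recorded on the appliance>
if [ $# -eq 2 ]; then
    verify_backup_copy "$1" "$2"
fi
```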
You must download the QRadar ISO from Qmmunity or IBM Support (http://www.ibm.com/support).
Previously, QRadar Risk Manager and QRadar used unique ISO images for installations. In the 7.0 release, QRadar Risk Manager and QRadar are merged and both products are installed by using the QRadar ISO file. The activation key that is specified during the installation determines which product is installed.
- Printed on a sticker and physically placed on your appliance.
- Included with the packing slip; all appliances are listed along with their associated keys.
Note: The letter I and the number 1 (one) are treated the same, as are the letter O and the number 0 (zero).
- Download the QRadar ISO.
- Copy the QRadar SIEM ISO to a portable storage device such as a DVD or a bootable USB flash drive.
- Insert the portable storage device into your appliance.
- Restart your QRadar Risk Manager appliance.
- To load the boot menu, press the F11 or the Escape key on your keyboard.
- Select USB drive or DVD drive as the boot option.
Note: QRadar Risk Manager verifies the integrity of the media before installation by checking the MD5 sum. If you receive a warning message that the MD5 checksum failed, then you are required to redownload or reburn QRadar Risk Manager. For further assistance, contact Customer Support.
- Hostname - Type a fully qualified domain name as the system hostname.
- IP address - Type the IP address of the system.
- Network Mask - Type the network mask address for the system.
- Gateway - Type the default gateway of the system.
- Primary DNS - Type the primary DNS server address.
- Secondary DNS - Optional. Type the secondary DNS server address.
- Public IP - Optional. Type the Public IP address of the server. This is a secondary IP address that is used to access the server, usually from a different network or the Internet, and is managed by your network administrator. The Public IP address is often configured by using Network Address Translation (NAT) services on your network or firewall settings on your network. NAT translates an IP address in one network to a different IP address in another network.
- Email Server - Type the email server. If you do not have an email server, type localhost in this field.
b. Retype your new password to confirm. Select Finish and press Enter.
The QRadar Risk Manager appliance and the backup archive must be the same version of QRadar Risk Manager. If the script detects a version difference between the archive and the QRadar Risk Manager managed host, an error is displayed.
Use the restore script to specify the archive that you are restoring to QRadar Risk Manager. This process requires you to stop services on QRadar Risk Manager. Stopping services logs off all QRadar Risk Manager users and stops multiple processes.
- Using SSH, log in to your QRadar SIEM Console as the root user.
- Using SSH from the QRadar SIEM Console, log in to QRadar Risk Manager as the root user.
- Type the following command to stop hostcontext:
/opt/qradar/bin/risk_manager_restore.sh -r /store/qrm_backups/<backup>
<backup> is the QRadar Risk Manager archive you want to restore.
- For example:
/opt/qradar/bin/risk_manager_restore.sh -r /store/qrm_backups/backup-2012-09-11-10-14-39.tgz
- The following message is displayed:
Tue Sep 11 16:47:22 EDT 2012 - Risk Manager Restore v1 - starting risk_manager_restore.sh; ArchiveFile=/store/qrm_backups/backup-2012-09-11-16-27-42.tgz, Force Overwrite=true
Tue Sep 11 16:47:22 EDT 2012 - Risk Manager Restore v1 - Appliance is QRM
Tue Sep 11 16:47:22 EDT 2012 - Risk Manager Restore v1 - archive is from version '372011'
Tue Sep 11 16:47:23 EDT 2012 - Risk Manager Restore v1 - appliance version is 372011
Tue Sep 11 16:47:33 EDT 2012 - Risk Manager Restore v1 - restoring db postgres
Tue Sep 11 16:47:34 EDT 2012 - Risk Manager Restore v1 - restoring db qradar
Tue Sep 11 16:47:36 EDT 2012 - Risk Manager Restore v1 - restoring db ziptie
Tue Sep 11 16:47:36 EDT 2012 - Risk Manager Restore v1 - complete.
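To confirm a restore from saved output rather than by eye, the following added example (not IBM's code) parses the messages shown above. It assumes the output was captured to a file, that the message wording matches the sample on this page, and that the three databases in that sample (postgres, qradar, ziptie) are the complete expected set; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate captured output of risk_manager_restore.sh.

# Sample output, taken from the restore messages shown on this page.
sample_restore_log() {
    cat <<'EOF'
Tue Sep 11 16:47:22 EDT 2012 - Risk Manager Restore v1 - starting risk_manager_restore.sh; ArchiveFile=/store/qrm_backups/backup-2012-09-11-16-27-42.tgz, Force Overwrite=true
Tue Sep 11 16:47:22 EDT 2012 - Risk Manager Restore v1 - Appliance is QRM
Tue Sep 11 16:47:22 EDT 2012 - Risk Manager Restore v1 - archive is from version '372011'
Tue Sep 11 16:47:23 EDT 2012 - Risk Manager Restore v1 - appliance version is 372011
Tue Sep 11 16:47:33 EDT 2012 - Risk Manager Restore v1 - restoring db postgres
Tue Sep 11 16:47:34 EDT 2012 - Risk Manager Restore v1 - restoring db qradar
Tue Sep 11 16:47:36 EDT 2012 - Risk Manager Restore v1 - restoring db ziptie
Tue Sep 11 16:47:36 EDT 2012 - Risk Manager Restore v1 - complete.
EOF
}

# check_restore_log <logfile>
# Returns 0 on a clean restore, 1 on a mismatch or incomplete run,
# 2 if the version lines cannot be found at all.
check_restore_log() {
    log=$1
    archive_ver=$(sed -n "s/.*archive is from version '\([0-9]*\)'.*/\1/p" "$log" | head -n 1)
    appliance_ver=$(sed -n 's/.*appliance version is \([0-9]*\).*/\1/p' "$log" | head -n 1)

    if [ -z "$archive_ver" ] || [ -z "$appliance_ver" ]; then
        echo "version lines not found in $log" >&2
        return 2
    fi
    if [ "$archive_ver" != "$appliance_ver" ]; then
        echo "version mismatch: archive $archive_ver, appliance $appliance_ver" >&2
        return 1
    fi
    # Assumption: these three databases are the full set (from the sample).
    for db in postgres qradar ziptie; do
        if ! grep -q "restoring db $db" "$log"; then
            echo "no restore message for db $db" >&2
            return 1
        fi
    done
    if ! grep -q 'Risk Manager Restore v1 - complete\.' "$log"; then
        echo "restore did not report completion" >&2
        return 1
    fi
    return 0
}

# Usage: sh check_restore.sh <captured restore output>
if [ $# -eq 1 ]; then check_restore_log "$1"; fi
```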
The <IP Address> is the IP address of the QRadar SIEM system.
The default user name is admin.
The <root password> is assigned to QRadar during the installation process.
- Open your web browser.
- Log in to your QRadar SIEM console.
- On the Admin tab, click Deployment Editor.
- From the menu, select Actions > Add a Managed Host.
- Click Next.
- Enter values for the parameters:
- Enter the IP of the server or appliance to add - Type the IP address of QRadar Risk Manager.
- Enter the root password of the host - Type the root password for the host.
- Confirm the root password of the host - Type the password again.
- Host is NATed - Select the check box to use an existing Network Address Translation (NAT) on this managed host. For more information about NAT, see the IBM Security QRadar SIEM Administration Guide.
Note: If you want to enable NAT for a managed host, the NATed network must be using static NAT translation. For more information, see the IBM Security QRadar SIEM Administration Guide.
Note: If you want to add a non-NATed managed host to your deployment when the Console is NATed, you must change the Console to a NATed host before you add the managed host to your deployment. For more information, see the IBM Security QRadar SIEM Administration Guide.
Note: This process can take several minutes to complete. If your deployment included undeployed changes, a window is displayed requesting you to deploy all changes.
The System View is displayed, including the host in the Managed Hosts pane. You are now ready to clear your cache. The Risks tab is not visible until you clear your browser cache and log in to QRadar SIEM.
17 June 2018