Release Notes
Abstract
This firmware update (7.0.0) provided by IBM® is the latest firmware for your QRadar® xSeries M4 2U appliances. Firmware fix pack 7.0.0 for QRadar M4 2U appliances include several firmware updates and remediations for reported security issues. These instructions are intended for administrators who are on-premise with the appliance to complete a local firmware update with a USB key.
Content
Important: Select a tab to read each step of the firmware procedure.
Tab navigation
Part 1: About the M4 firmware 7.0.0 update
Creating your USB flash drive for the firmware update requires a Windows host and the administrator or USB drive must be on-site with the appliance. The firmware update can take up to 60 minutes complete per appliance and the administrator is required to reboot the appliance after the firmware install completes. Firmware updates are intended to be completed during planned maintenance for your QRadar appliances. If your Data Center does not allow USB keys, instructions and a download are available for administrators who have Integrated Management Module (IMM2) interfaces. For information about other installation options, see: http://ibm.biz/qradarfirmware.
This firmware update applies to the following IBM Security QRadar M4 (2U form factor) appliances, server type, or Machine type models:
Hardware | Details | Size |
Appliance | QRadar 1400 Data Node (4380-Q1E) QRadar Event Processor 1605 (4380-Q1E) QRadar Flow Processor 1705 (4380-Q1E) QRadar Event Processor 1628 (4380-Q2E) QRadar Flow Processor 1728 (4380-Q2E) QRadar 3105 (All-in-One) (4380-Q1E) QRadar 3105 (Console) (4380-Q1E) QRadar 3128 (All-in-One) (4380-Q2E) QRadar 3128 (Console) (4380-Q2E) QRadar Log Manager 3105 (All-in-One) (4380-Q1E) QRadar Log Manager 3105 Console (4380-Q1E) QRadar Log Manager 3128 (All-in-One) (4380-Q2E) QRadar Log Manager 3128 (Console) (4380-Q2E) QRadar Vulnerability Manager (4380-Q1E) QRadar Risk Manager (4380-Q1E) IBM Security QRadar Incident Forensics xx28 (4531-G1E) IBM Security QRadar Packet Capture xx28 (4531-G2E) IBM Security QRadar Packet Capture Data Node xx28 (4531-G3E) | 2U |
Server Type | x3650 M4 BD | 2U |
Server Machine Type | 5466 | 2U |
Appliance Machine type models (MTM) | 4380-Q1E 4380-Q2E 4531-G1E 4531-G2E 4531-G3E | 2U |
Important information and prerequisites in this firmware update
Firmware v7.0.0 includes the following software updates in the Base System Pack and HDD update. Administrators must ensure that their M4 appliance includes the minimum version outlined in the Prerequisite version column. If your M4 appliance does not meet the prerequisite versions outlined in the table 2, the administrator must contact IBM QRadar Support to have a custom upgrade path defined for the M4 appliance.
Table 2: Firmware updates for the M4 QRadar 2U form factor appliances are noted in this table.
Component | Prerequisite version | Firmware version in this update | File name |
IMM2 | 4.35 or later | 1aoo90b-7.40 | ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz |
UEFI/BIOS | None | yoe134d-2.60 | ibm_fw_uefi_yoe134d-2.60_anyos_32-64.uxz |
DSA | None | dsyte2z-9.66 | ibm_fw_dsa_dsyte2a-9.66_anyos_32-64.uxz |
RAID Controller M5110 | None | 23.34.0-0023 | ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64.bin |
RAID Controller M5210 | None | 24.21.0-0112 | ibm_fw_sraidmr_5200-24.21.0-0112_linux_32-64.bin |
HDD Update | None | sas-1.23.02 | ibm_fw_hddlenovo_sas-1.23.02_linux_32-64.bin |
Emulex | None | 15b-2.02x11-40 | elx_fw_fc_15b-2.02x11-40_linux_32-64.bin |
NOTES
- After the firmware update is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of powering down the hardware to avoid a potential high voltage motherboard condition that can occur.
- Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944 .
- A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the latest firmware version that is available for your drive.
- The base system pack might contain other firmware packages that are not present in QRadar appliances. Firmware updates from the base system pack can be listed when the tool compares available firmware to the hardware in the appliance and display a status of "undetected".
- For general firmware questions and information, see: http://ibm.biz/qradarfirmware.
Security issues resolved in this firmware update
This table defines the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.
Component | File name | CVEs resolved in this package |
---|---|---|
UEFI/BIOS | ibm_fw_uefi_yoe134d-2.60_anyos_32-64.uxz |
|
IMM2 | ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz | CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 |
DSA | ibm_fw_dsa_dsyte2a-9.66_anyos_32-64.uxz |
|
RAID Controller M5110 | ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64.bin | None |
RAID Controller M5210 | ibm_fw_sraidmr_5200-24.21.0-0112_linux_32-64.bin | None |
HDD Update | ibm_fw_hddlenovo_sas-1.23.02_linux_32-64.bin | None |
Emulex | elx_fw_fc_15b-2.02x11-40_linux_32-64.bin | None |
Other Security Fixes | None | Additional firmware changes to address security vulnerabilities in open source packages, but for which there is no IMM2 exposure: CVE-2015-5180, CVE-2018-11236, CVE-2018-15804. |
Part 2. Create the USB
To create a bootable USB key, you must have access to the following tools and software:
- An 8 GB or larger USB flash drive.
- IBM Fix Central to download the appliance firmware.
- A desktop or notebook system running one the following operating systems:
- Windows 10
- Windows 7
- Windows 2008R2
- Windows 2008
- Windows Vista
- Windows XP
NOTE: Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Creating the bootable USB drive
- Download the M4 7.0.0 firmware IMG file from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3-QRADAR-FIRMWARE-M4_2U_USB-QRadar-QNI-PCAP-QIF-7.0.0&includeSupersedes=0&source=fc
- Download the Rufus Bootable USB Tool.
- Insert the USB flash drive into a USB port on your Windows laptop or workstation.
- Open Rufus and configure the properties.
Parameter Value Device Select your USB drive Boot Selection Select Qradar_IMG_M4_2U_MT5466_x3650_7_0_0.img Partition scheme MBR (Default) Target system BIOS (or UEFI-CSM) (Default) File system FAT32 (Default) Cluster size This value will default to the best option based on size of the USB drive. - Click Start. The image is loaded on the USB drive.
- After the installation finishes, safely eject the USB flash drive from your computer.
Results
The bootable drive is ready to be used to install firmware on the M4 appliance.
Part 3. Installing the Firmware on the QRadar M4 appliance
These instructions are intended for M4 appliances that are not configured as HA (high-availability) pairs. If your appliance is in a HA pair, you must use the High-Availability update instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .Booting from the USB Drive
- Insert the USB drive that has the bootable image into the QRadar appliance.
IMPORTANT: Do not remove the USB flash drive until the IBM ToolsCenter completes the firmware installation.
- From the terminal of the KVM switch for the appliance, log in by using the root credentials.
- From the command prompt, type:
reboot
.
- As the appliance is rebooting, press the F12 key to select a boot device.
- Select the bootable firmware image, for example, USB Storage and Press Enter.
- When prompted, select the Updates option.
- Verify that the bootable media shows the correct machine type for the appliance.
Hardware Details Server Type x3650 M4 BD Server Machine Type 5466 - To start the update, select Click here to start update.
NOTE: Verify that the Updates list contains x3650 M4 BD -- machine type 5466 in the updates list.
- Select your language and click I accept the terms in the license agreement to continue.
- The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
- From the list of selected firmware items, verify that the selected items match the firmware items to update.
- To start applying the updates, click Next on the Update Options page.
The bootable media creator starts to install firmware on the M4 appliance.
- Verify that all the firmware updates are applied, and click Next to complete the update.
- After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.
- Select the USB flash drive and click OK.
- When all updates are complete, click Finish to reboot the appliance.
Results
After the IMM firmware update is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of starting the appliance the hardware from the powered-down state. A warm start avoids a potential high voltage motherboard condition that can occur. If you experience any installation issues or error messages, you can contact QRadar Support for assistance and open a software support case for your appliance. The support representative can request the firmware logs for review to determine the cause of the error or if replacement hardware is required. If the issue is hardware related, the support representative can change the case type and involve the proper teams to schedule replacement parts.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000blfyAAA","label":"QRadar->Hardware->Firmware Upgrades"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.0;7.3.1;7.3.2;7.3.3;7.4.0","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
29 June 2020
UID
ibm16238148