Release Notes
Abstract
This release fixes a known issue where the app wouldn’t load on a NAT'd system when a public IP address routes to a private IP address.
Content
IBM® Security QRadar® Analyst Workflow provides new methods for filtering offenses and events, and graphical representations of offenses, by magnitude, assignee, and type. The improved offenses workflow provides a more intuitive method to investigate offenses to determine the root cause of an issue and work to resolve it. Use the built-in query builder to create AQL queries by using examples and saved or shared searches, or by typing plain text into the search field.
For more information about QRadar Analyst Workflow, see the QRadar Knowledge Center.
Known issues
QRadar Analyst Workflow 1.0.1 includes the following known issues:
- Network data intermittently displays blank for some offenses.
- All time zones are displayed in the client time zone instead of the server time zone.
- The browser Back button does not work from the Offense Events page.
- If you use a semicolon in the Domain or Log Source Name filter, the filter is not applied correctly.
- On some multi-domain systems, filtering does not work correctly and incorrect data is displayed on the Internal IP panel.
- Proxies are not supported.
Supported browsers
You can use QRadar Analyst Workflow on any browser that is supported by QRadar. For a list of
supported browsers, see: https://www.ibm.com/support/knowledgecenter/SS42VS_latest/com.ibm.qradar.doc/c_shi_browser_support.html
Installing QRadar Analyst Workflow
Before you begin
If you previously installed a version of the workflow, make sure that you remove any folders that were created
during that installation process.
Procedure
- If you have custom certificates, run the following commands on your QRadar Console, in any directory:
  - update-ca-trust
  - docker restart
- Download the QRadarAnalystWorkflow1.0.1.zip file from Fix Central. See the instructions on the IBM Security App Exchange.
- Copy the bundle onto your QRadar host by using the Linux "secure copy" (scp) command or an FTP client.
  Secure copy example: scp QRadarAnalystWorkflow1.0.1.zip <QRadar host>:/<directory>
- Type the following command to create a new directory on your QRadar host: mkdir qradar-ui
- To extract the QRadarAnalystWorkflow1.0.1.zip file on your QRadar host, type the following command: unzip QRadarAnalystWorkflow1.0.1.zip -d qradar-ui
- Run ./qradar-ui/start.sh, then wait for the logs to run.
- Access QRadar Analyst Workflow by using one of the following methods:
  - In the navigation menu, click Try the New UI.
  - Access the new UI in your browser at https://<QRadar IP address>/console/ui.
Document Information
Modified date:
08 July 2020
UID
ibm16238894