IBM Support

Release of IBM Security QRadar Analyst Workflow 1.0.1

Release Notes


Abstract

This release fixes a known issue where the app wouldn’t load on a NAT'd system when a public IP address routes to a private IP address.

Content

IBM® Security QRadar® Analyst Workflow provides new methods for filtering offenses and events, and graphical representations of offenses, by magnitude, assignee, and type. The improved offenses workflow provides a more intuitive method to investigate offenses to determine the root cause of an issue and work to resolve it. Use the built-in query builder to create AQL queries by using examples and saved or shared searches, or by typing plain text into the search field.
For more information about QRadar Analyst Workflow, see the QRadar Knowledge Center.

Known issues

QRadar Analyst Workflow 1.0.1 includes the following known issues:
  •     Network data intermittently displays blank for some offenses.
  •     All time zones are displayed in the client time zone instead of the server time zone.
  •     The browser Back button does not work from the Offense Events page.
  •     If you use a semicolon in the Domain or Log Source Name filter, the filter is not applied correctly.
  •     On some multi-domain systems, filtering does not work correctly and incorrect data is displayed on the Internal IP panel.
  •     Proxies are not supported.

Supported browsers

You can use QRadar Analyst Workflow on any browser that is supported by QRadar. For a list of supported browsers, see: https://www.ibm.com/support/knowledgecenter/SS42VS_latest/com.ibm.qradar.doc/c_shi_browser_support.html

Installing QRadar Analyst Workflow

Before you begin
If you previously installed a version of the workflow, make sure that you remove any folders that were created during that installation process.
Procedure
  1. If you have custom certificates, run the following commands on your QRadar Console, in any directory:
    • update-ca-trust
    • docker restart
  2. Download the QRadarAnalystWorkflow1.0.1.zip file from Fix Central. See the instructions on the IBM Security App Exchange.
  3. Copy the bundle onto your QRadar host by using the Linux "secure copy" (scp) command or an FTP client.
    Secure copy example: scp QRadarAnalystWorkflow1.0.1.zip <QRadar host>:/<directory>
  4. Type the following command to create a new directory on your QRadar host: mkdir qradar-ui
  5. To extract the QRadarAnalystWorkflow1.0.1.zip file on your QRadar host, type the following command: unzip QRadarAnalystWorkflow1.0.1.zip -d qradar-ui
  6. Run ./qradar-ui/start.sh, then wait for the logs to run.
  7. Access QRadar Analyst Workflow by using one of the following methods:
    • In the navigation menu, click Try the New UI.
    • Access the new UI in your browser at https://<QRadar IP address>/console/ui.


Document Information

Modified date:
08 July 2020

UID

ibm16238894