IBM Support

Release of IBM Security QRadar Analyst Workflow 1.2.0

Release Notes


Abstract

This release provides usability enhancements and fixes one known issue.

Content

IBM® Security QRadar® Analyst Workflow provides new methods for filtering offenses and events, and graphical representations of offenses, by magnitude, assignee, and type. The improved offenses workflow provides a more intuitive method to investigate offenses to determine the root cause of an issue and work to resolve it. Use the built-in query builder to create AQL queries by using examples and saved or shared searches, or by typing plain text into the search field.
For more information about QRadar Analyst Workflow, see the QRadar Knowledge Center.
QRadar Analyst Workflow 1.2.0 fixes an issue where customer event properties showed incorrectly.

What's New

QRadar Analyst Workflow 1.2.0 includes the following new features:
  • Autoupdate proxy automatically used for Threat Intel feed.
  • Customizable row height in tables.
  • A new Time Series chart above the Events table shows the number of events sorted by date.
  • An expanded payload viewer in the Events panel allows you to view large payload data in greater detail.
  • Easy-close side panel.
  • Notes now support clickable hyperlinks.
  • Executable AQL queries from URL.
  • Additional app integrations.

Known issues

QRadar Analyst Workflow 1.2.0 includes the following known issues:
  • On a QRadar on Cloud system, the Threat Panel doesn’t load in Firefox. Workaround: Use Chrome.
  • Multitenancy no longer works for a tenant user due to an API issue.

Supported browsers

You can use QRadar Analyst Workflow on any browser that is supported by QRadar. For a list of supported browsers, see: https://www.ibm.com/support/knowledgecenter/SS42VS_latest/com.ibm.qradar.doc/c_shi_browser_support.html

Installing QRadar Analyst Workflow

Before you begin
If you previously installed a version of the workflow, make sure that you remove any folders that were created during that installation process.
Procedure
  1. If you have custom certificates, run the following commands on your QRadar Console, in any directory:
    • update-ca-trust
    • systemctl restart docker
  2. Download the QRadarAnalystWorkflow<x.x.x>.zip file from Fix Central. See the instructions on the IBM Security App Exchange.
  3. Copy the bundle onto your QRadar host by using the Linux "secure copy" (scp) command or an FTP client.
    Secure copy example: scp QRadarAnalystWorkflow<x.x.x>.zip <QRadar host>:/<directory>
  4. Type the following command to create a new directory on your QRadar host: mkdir qradar-ui
    Note:
    If the directory exists from a previous installation, you must delete it before you extract the .zip file.
  5. To extract the QRadarAnalystWorkflow<x.x.x>.zip file on your QRadar host, type the following command: unzip QRadarAnalystWorkflow<x.x.x>.zip -d qradar-ui
  6. Run ./qradar-ui/start.sh, then wait for the logs to run.
  7. Access QRadar Analyst Workflow by using one of the following methods:
    • In the navigation menu, click Try the New UI.
    • Access the new UI in your browser at https://<QRadar IP address>/console/ui.
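
A pre-flight wrapper for steps 4 and 5, as an added example that is not part of IBM's documentation: it refuses to extract over a directory left by a previous installation, tests the archive after the copy, and checks the entry list before unpacking. The function names check_listing and install_bundle are hypothetical, and the expectation that start.sh sits at the archive root is an assumption drawn from step 6.

```shell
#!/bin/sh
# Added example, not IBM code. check_listing and install_bundle are
# hypothetical helper names.

# Reads archive entry names on stdin, one per line (the `unzip -Z1` format).
# Returns 2 if an entry is absolute or contains a ".." component, 1 if
# start.sh is not at the archive root (where step 6 expects it), else 0.
check_listing() {
    missing=1
    while IFS= read -r entry; do
        case "$entry" in
            /*|..|../*|*/..|*/../*)
                echo "unsafe entry: $entry" >&2
                return 2 ;;
            start.sh)
                missing=0 ;;
        esac
    done
    [ "$missing" -eq 0 ] || echo "start.sh not found at archive root" >&2
    return "$missing"
}

# Steps 4 and 5 with the Note enforced: never extract over an old install.
# Usage: install_bundle <bundle.zip> [target directory, default qradar-ui]
install_bundle() {
    bundle=$1
    dest=${2:-qradar-ui}
    [ -f "$bundle" ] || { echo "bundle not found: $bundle" >&2; return 1; }
    if [ -e "$dest" ]; then
        echo "$dest already exists; delete it before extracting" >&2
        return 3
    fi
    # Integrity test first, so a truncated scp/FTP transfer fails here.
    unzip -tq "$bundle" >/dev/null || { echo "archive failed test" >&2; return 4; }
    unzip -Z1 "$bundle" | check_listing || return 5
    mkdir "$dest" && unzip -q "$bundle" -d "$dest"
}

# Run as a script: sh preflight.sh QRadarAnalystWorkflow<x.x.x>.zip
if [ "$#" -gt 0 ]; then
    install_bundle "$@"
fi
```

A non-zero exit status identifies which check stopped the extraction; on success, continue with step 6.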


Document Information

Modified date:
16 October 2020

UID

ibm16333553