IBM Support

Release of the QRadar 7.4.2 ISO (7.4.2.20201113144954)

Release Notes


Abstract

A list of the installation instructions, new features, and resolved issues for the release of IBM Security QRadar 7.4.2. These release notes apply to QRadar, QRadar Vulnerability Manager, QRadar Risk Manager. These instructions are intended for administrators who want to install QRadar 7.4.2 by using an ISO file.

Content

  • Auto update server changes

    To avoid interruptions with your software updates, you must change your auto update server configuration before 30 November 2020. A benign error message might be displayed when you update your configuration. For more information, see QRadar: Auto update server changes required before 30 Nov 2020 and IJ29298.

  • Deprecation of Active Directory authentication modules

    If you use a Kerberos-based Active Directory (AD) authentication you must move to the Lightweight Directory Access Protocol (LDAP) to authenticate to QRadar. The underlying open source component of the Kerberos-based Active Directory (AD) is being removed because the component library is no longer supported. When you attempt to upgrade QRadar software, a new error message stops the installation when Active Directory authentication configurations are detected. For more information, see Active Directory authentication modules deprecated from QRadar Console appliances.

  • Adobe Flash end of life and changes to Configuration Source Management (CSM)

    If you have a QRadar Risk Manager (QRM) appliance in your deployment, there are changes in Configuration Source Manager due to the impending end of life of Adobe Flash. For more information, see QRadar Risk Manager: Adobe Flash end of life and changes to Configuration Source Management (CSM).

Known issues in QRadar 7.4.2

 

The UBA app does not load properly in QRadar 7.4.2

The User Behavior Analytics (UBA) app might not load properly after you upgrade to QRadar 7.4.2. If you have UBA 3.7 or earlier in your deployment, you must update to 3.8. UBA 3.8 is compatible only with QRadar 7.3.3 or later. If you are upgrading from QRadar 7.3.2, you must update the UBA app after the upgrade. For more information, see IJ29455.
 

Resolved issues

For a list of APAR links of resolved issues in QRadar 7.4.2, see Authorized Program Analysis Reports.

Some APAR links might take 24 hours to display properly after a software release is posted to IBM Fix Central.

What's new

For information on what's new in QRadar 7.4.2, see the following information: https://www.ibm.com/support/knowledgecenter/SS42VS_7.4.2/com.ibm.qradar.doc/c_qradar_ov_whats_new_742.html

About this installation

These instructions are intended to assist you when you install QRadar 7.4.2 by using an ISO file. This ISO can install QRadar, QRadar Risk Manager, QRadar Vulnerability Manager products to version 7.4.2.

See QRadar: Software update check list for administrators for a list of steps to review before you update your QRadar deployment.

Part 1. Installing the QRadar 7.4.2 ISO

These instructions guide you through the process of installing QRadar 7.4.2.

Procedure

  1. Download the QRadar 7.4.2 ISO (5 GB) from the IBM Fix Central website: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.4.2-QRADAR-QRFULL-20201113144954&includeSupersedes=0&source=fc


    IMPORTANT: QRadar Incident Forensics and QRadar Network Insights use a unique ISO file to install 7.4.2. See the Fix Central page for those products to download the correct file.

  2. Use SSH to log in to the Console as the root user.
  3. To run the ISO installer on the Console, type the following command: /media/cdrom/setup

    Important: Installing QRadar 7.4.2 should take approximately 2 hours on a Console appliance.

  4. Wait for the Console primary update to complete.

Note: In QRadar 7.3.1 Patch 6, a kernel update was introduced to address issues with appliances failing to log in or list unit files. These issues could prevent the appliance from rebooting. This new kernel does not take effect until the appliance is rebooted. You might need to reboot your system manually for the kernel update to take effect.

To work around this issue, you must perform a restart of the appliance. To do this, type the reboot command, or use Integrated Management Module (IMM).

Results

A summary of the ISO installation advises you of any issues. If there are no issues, you can now SSH to managed hosts and start the installer on each host to run the setup in parallel.

Part 2. Installation wrap-up

  1. After all hosts are updated, advise your team that they must clear their browser cache before logging in to QRadar SIEM.
  2. To unmount the /media/cdrom directory on all hosts, type:
    /opt/qradar/support/all_servers.sh -C -k “umount /media/cdrom"
  3. Delete the ISO from all appliances.
  4. If you use WinCollect agents version 7.2.6 or latest, you must reinstall the SFS file on the QRadar Console. This is due to issues where the ISO replaces the SFS on the Console with WinCollect 7.2.5 as described here: APAR IV96364. To install the latest WinCollect SFS on the Console, see the WinCollect release notes at WinCollect 101.
  5. Review any static routes or customized routing. As mentioned in the administrator notes, all routes were removed and will need to be reconfigured after the upgrade completes.
  6. Review any iptable rules that are configured to see if the interface names that have changed in QRadar 7.4.2 due to the Red Hat Enterprise 7 operating system updates affect them. Update any iptables rules that use Red Hat 6 interface naming conventions.

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Release Notes","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.4","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
30 November 2020

UID

ibm16370679