Release Notes
Abstract
A list of the installation instructions, new features, and resolved issues for the release of QRadar Incident Forensics 7.4.2 (742_QRadar_QIFFull_2020.7.0.20201113144954) ISO. These instructions are intended for administrators who want to install QRadar Incident Forensics 7.4.2 by using an ISO file.
Content
-
Auto update server changes
To avoid interruptions with your software updates, you must change your auto update server configuration before 30 November 2020. A benign error message might be displayed when you update your configuration. For more information, see QRadar: Auto update server changes required before 30 Nov 2020 and IJ29298.
-
Deprecation of Active Directory authentication modules
If you use a Kerberos-based Active Directory (AD) authentication you must move to the Lightweight Directory Access Protocol (LDAP) to authenticate to QRadar. The underlying open source component of the Kerberos-based Active Directory (AD) is being removed because the component library is no longer supported. When you attempt to upgrade QRadar software, a new error message stops the installation when Active Directory authentication configurations are detected. For more information, see Active Directory authentication modules deprecated from QRadar Console appliances.
-
Adobe Flash end of life and changes to Configuration Source Management (CSM)
If you have a QRadar Risk Manager (QRM) appliance in your deployment, there are changes in Configuration Source Manager due to the impending end of life of Adobe Flash. For more information, see QRadar Risk Manager: Adobe Flash end of life and changes to Configuration Source Management (CSM).
Known issues in QRadar Incident Forensics 7.4.2
The UBA app does not load properly in QRadar 7.4.2
Resolved issues
For a list of APAR links of resolved issues in QRadar Incident Forensics 7.4.2, see Authorized Program Analysis Reports.
Some APAR links might take 24 hours to display properly after a software release is posted to IBM Fix Central.
About this installation
These instructions are intended to assist you when you install QRadar Incident Forensics 7.4.2 by using an ISO file. These instructions inform you how to update your deployment to the latest version. For more information, see the QRadar Incident Forensics Installation Guide.
The QRadar Incident Forensics 7.4.2 ISO (
Part 1. Installing the QRadar Incident Forensics 7.4.2 ISO
These instructions guide you through the process of installing QRadar Incident Forensics 7.4.2.
Procedure
- Download the QRadar Incident Forensics 7.4.2 ISO (5.5 GB) from the IBM Fix Central website: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=All&platform=All&function=fixId&fixids=7.4.2-QRADAR-QIFFULL-20201113144954&includeSupersedes=0&source=fc
- Use SSH to log in to the Console as the root user.
NOTE: When you log in, the SSH session should display 7.4.2 as the Console's version. This is verification that the QRadar Console has been updated to 7.4.2, which is required before you update your Incident Forensics appliance. - Open an SSH session to the QRadar Incident Forensics appliance.
- To run the ISO installer, type the following command: /media/dvd/setup
Important: Installing QRadar Incident Forensics 7.4.2 can take 1 to 2 hours to complete on the appliance.
- Wait for the installation to complete.
A summary of the ISO installation advises you of any issues. If there are no issues, you can now SSH to managed hosts and start the installer on each host to run the setup in parallel.
Part 2. Installation wrap-up
- After all hosts are updated, send an email to your team to inform them that they will need to clear their browser cache before they log in to the QRadar Incident Forensics SIEM interface.
- To unmount the /media/dvd directory, type: umount /media/dvd
- Delete the ISO from the appliance.
- Review any static routes or customized routing. As mentioned in the administrator notes, all routes were removed and will need to be reconfigured after the upgrade completes.
- Review any iptable rules that are configured as the interface names have changed in QRadar Incident Forensics 7.4.2 due to the Red Hat Enterprise 7 operating system updates. Update any iptables rules that use Red Hat 6 interface naming conventions.
Was this topic helpful?
Document Information
Modified date:
30 November 2020
UID
ibm16370713