IBM Support

Release of QRadar Network Packet Capture 7.3.3 Fix Pack 8 (Build 20)

Release Notes


Abstract

This document includes installation instructions and known issues for QRadar Network Packet Capture 7.3.3 Fix Pack 8 (Build 20).

You must have QRadar Network Packet Capture 7.3.2 (Build 5015) or later to install this version.

Content

About this installation

 

Follow these instructions to upgrade your appliance to use QRadar Network Packet Capture 7.3.3 Fix Pack 8 (Build 20). You must have QRadar Network Packet Capture 7.3.2 (Build 5015) or later to use this installation file.

Known Issue

Outdated version of NGINX
If your Network Packet Capture server does not have NGINX 1.16 or later installed, the software update fails and displays the following error message:
    Error: Package: 1:nginx-all-modules-1.12.2-3.el7.noarch (@anaconda/7.5)
            Requires: nginx-mod-http-geoip = 1:1.12.2-3.el7
To work around this problem, complete the following steps:
  1. Reboot your appliance.
  2. Use SSH or IMM to log in to your Network Packet Capture server as the root user.
  3. Run the following commands to remove NGINX from the Network Packet Capture server:
    rpm -e --nodeps nginx
    rpm -e --nodeps nginx-mod-http-xslt-filter-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-all-modules-1.12.2-3.el7.noarch
    rpm -e --nodeps nginx-mod-http-image-filter-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-stream-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-mail-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-http-perl-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-http-geoip-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-filesystem-1.12.2-3.el7.noarch
  4. Use the ISO file to reboot the appliance and perform the software update.
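
A pre-check for the known issue above, as an added example that is not part of IBM's release notes: it reads the installed NGINX version from the RPM database and reports whether the workaround applies before you schedule the maintenance window. The function names are hypothetical; the 1.16 threshold is the one stated in the known issue.

```bash
#!/bin/bash
# Added example (not IBM's script): pre-check for the NGINX known issue.
# The 1.16 threshold is from the release notes; function names are hypothetical.

REQUIRED_NGINX="1.16"

# Succeeds when version $1 >= $2. GNU sort -V orders 1.9 below 1.16,
# which a plain string or decimal comparison would get wrong.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Classify a version string: prints "ok", "workaround" or "absent".
nginx_upgrade_status() {
    ver="$1"
    if [ -z "$ver" ]; then
        echo "absent"        # no nginx base package in the RPM database
    elif version_ge "$ver" "$REQUIRED_NGINX"; then
        echo "ok"            # 1.16 or later: the known issue does not apply
    else
        echo "workaround"    # older than 1.16: remove packages before updating
    fi
}

# Print the installed nginx version, or nothing if the package is not installed.
installed_nginx_version() {
    if rpm -q nginx >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}\n' nginx | head -n 1
    fi
}

# Run the check only where an RPM database is available.
if command -v rpm >/dev/null 2>&1; then
    status=$(nginx_upgrade_status "$(installed_nginx_version)")
    echo "NGINX pre-upgrade status: $status"
    if [ "$status" = "workaround" ]; then
        echo "Installed NGINX packages to remove with 'rpm -e --nodeps':"
        rpm -qa 'nginx*' | sort
    fi
fi
```

The package list it prints comes from the appliance itself, so compare it against the `rpm -e --nodeps` commands in step 3 before removing anything.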
 

Before you install

Review the following information to prepare for the installation:

  • Review the QRadar Network Packet Capture documentation on IBM Docs.
  • This procedure uses IBM's integrated management module (IMM). The IMM interface must be configured and available to mount the QRadar Network Packet Capture ISO file.
  • Complete the update during a scheduled maintenance window. While the system is updating, services do not run and network packets are not recorded.
  • Ensure that you are logged in to the QRadar Network Packet Capture appliance as an administrator.
  • Ensure that your system meets the minimum hardware requirements.
  • Connect a keyboard and monitor by using the VGA connection.
If you have a stacked configuration of QRadar Network Packet Capture appliances, you must unstack your appliances before you can upgrade. Upgrade each appliance individually and then re-create the stack. Unstacking the appliances ensures that your data is preserved during the upgrade. You must also turn off Traffic Capture.
 

Completing the Installation

 


Required files
Download the 7.3.3-QRadar-NETPCAP-Upgrade-20 installation file from IBM Fix Central:

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=All&platform=All&function=fixId&fixids=7.3.3-QRadar-NETPCAP-Upgrade-20&includeSupersedes=0&source=fc


Procedure

  1. Log in to the QRadar Network Packet Capture IMM interface by using your web browser.
  2. Click Remote Control.
  3. To start the Remote Control session, click Active X for Internet Explorer or Java for all other Browsers.
  4. Click Start Remote Control in Single User Mode.
    NOTE: When applying updates, always use single user mode for remote connections.
  5. Verify that the Allow others to request my remote session disconnect check box is cleared. It is not recommended to allow other users to request the active session for firmware updates.
  6. From the menu, select Virtual Media > Activate.
  7. From the menu, select Virtual Media > Select Devices to Mount.
  8. From the Devices window, click Add Image.
  9. Select the QRadarNETPCAP-Upgrade-20 image and click Open.
  10. Select the option with your ISO, such as CD/DVD - QRadarNETPCAP-Upgrade-20 and verify that the Mapped check box is selected.
  11. Click Mount Selected.
  12. Reboot the appliance.
  13. When the splash menu is displayed, press <F12> Select Boot device.
  14. In the Boot Devices Manager window, select the Upgrade QRadarPCAP-7.3.3-20 option from the boot menu.
  15. Wait for the installation to complete.
  16. After the QRadar Network Packet Capture appliance is updated, restart the appliance when prompted.

Installation wrap-up

After the installation is complete, log in to IMM and select Virtual Media > Unmount All.
 

 
Issues resolved in QRadar Network Packet Capture 7.3.3 Fix Pack 8 (Build 20)
Product: QRADAR
Component: SECURITY BULLETIN
Number: CVE-2020-12362
Description: Kernel as used by IBM QRadar Network Packet Capture contains multiple vulnerabilities





Where do I find more information?



 


Document Information

Modified date:
15 October 2021

UID

ibm16493853