Release Notes
Abstract
This release provides usability enhancements and fixes several known issues.
Content
IBM® Security QRadar® Analyst Workflow provides new methods for filtering offenses and events, and graphical representations of offenses, by magnitude, assignee, and type. The improved offenses workflow provides a more intuitive method to investigate offenses to determine the root cause of an issue and work to resolve it. Use the built-in query builder to create AQL queries by using examples and saved or shared searches, or by typing plain text into the search field.
For more information about QRadar Analyst Workflow, see IBM Documentation.
Resolved issues
QRadar Analyst Workflow 2.6.5 resolves the following known issues:
- Fixed an issue that produced an error when a query was started before the Events table was fully loaded.
- Fixed an issue that displayed a filter as "undefined" when the user applied a filter on a table item.
What's new
QRadar Analyst Workflow 2.6.5 includes the following new features:
- Added a toggle switch to the Event and Flow panels to hide or show empty custom properties.
- UI design improvements.
- Accessibility improvements.
- Performance improvements.
Known issues
QRadar Analyst Workflow 2.6.5 contains the following known issue:
- If you view event data by using the custom rules redirect, the query does not display. For more information, see https://www.ibm.com/docs/en/qsip/7.4?topic=workflow-known-issues.
Supported browsers
You can use QRadar Analyst Workflow on any browser that is supported by QRadar. For a list of supported browsers, see: https://www.ibm.com/docs/SS42VS_7.4/com.ibm.qradar.doc/c_shi_browser_support.html
Installing or upgrading QRadar Analyst Workflow
These instructions describe the installation process for QRadar versions 7.4.0 to 7.4.3 GA only. For installations with QRadar version 7.4.3 Fix Pack 1 and later, QRadar Analyst Workflow is installed as a standard application by using extensions management.
For more information, see IBM Documentation.
For more information, see IBM Documentation.
Important: The QRadar Analyst Workflow requires root access to install. If you are using the command line to enable root user privileges, you must use the following command:
sudo su -
If you use sudo su (without -), full root access is not granted.
sudo su -
If you use sudo su (without -), full root access is not granted.
Procedure
- Download the latest QRadarAnalystWorkflow<x.x.x>.zip file from IBM Fix Central.
See also the documentation for the QRadar Analyst Workflow on the IBM Security App Exchange. - If you have custom SSL certificates, run the following commands in any directory on your QRadar Console:
- update-ca-trust
- systemctl restart docker
- If you have a previous installation directory, you must delete it before you extract the .zip file. For example, on the QRadar Console run the following command:
rm -rf /store/qradar-ui /root/qradar-ui - Copy QRadarAnalystWorkflow<x.x.x>.zip to your QRadar console by using the Linux "secure copy" (scp) command or an SFTP client.
Secure copy example: scp QRadarAnalystWorkflow<x.x.x>.zip <QRadar host>:/<directory> - To extract the QRadarAnalystWorkflow<x.x.x>.zip file on your QRadar console, type the following command:
rm -rf /root/qradar-ui /store/qradar-ui && unzip tmp/QRadarAnalystWorkflow<x.x.x>.zip -d /store/qradar-ui - On the QRadar console, run ./qradar-ui/start.sh, then wait for the logs to run.
- Access the QRadar Analyst Workflow by using one of the following methods:
- In the navigation menu, click Try the New UI.
- Access the new UI in your browser at https://<QRadar IP address>/console/ui.
- Delete QRadarAnalystWorkflow<x.x.x>.zip
and the installation folder.
Example: rm -fr /store/qradar-ui /tmp/QRadarAnalystWorkflow<x.x.x>.zip
Removing QRadar Analyst Workflow
To remove the QRadar Analyst Workflow, run the following commands:
/opt/ibm/si/conman/bin/conman-api-cli.sh remove -n ui
/opt/ibm/si/conman/bin/conman-api-cli.sh remove -n graphql
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwthAAA","label":"Offenses"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.4.3"}]
Was this topic helpful?
Document Information
Modified date:
22 December 2021
UID
ibm16524274