IBM Support

QRadar on Cloud: CentOS 6 apps are disabled on 29 January 2022

News


Abstract

Due to security issues related to CentOS 6 applications, QRadar on Cloud administrators might notice that applications are disabled or missing from the user interface on 29 January 2022. QRadar on Cloud administrators need to upgrade applications to ensure that business-critical apps are not disabled. This technical note outlines the issue and support information for CentOS 6 applications for QRadar on Cloud administrators.

Content

For several months, the QRadar on Cloud DevOps teams provided email notices to administrators about application upgrades related to security issues and end of life (EoL) notice due to vulnerabilities in CentOS 6 applications. This technical note is intended to remind administrators to upgrade all applications that use a CentOS6 base image due to security issues before DevOps teams disable vulnerable apps on QRadar on Cloud appliances. CentOS-based applications must be upgraded before 29 January 2021 to a version that uses a Universal Base Image (UBI) or you might need support assistance to enable an application so it can be upgraded to the latest version. To review the end of life announcement, see Security Bulletin: IBM QRadar SIEM Application Framework v1 (CentOS6) is end of life.


Actions taken by IBM for CentOS 6 applications
Due to the severity of the CentOS 6 issue, IBM DevOps teams updated built-in applications on QRadar on Cloud Consoles to ensure default applications provided during initial software installations were updated to a UBI version. However, not all applications were updated. Administrators must review all applications installed by their teams, including IBM apps, apps developed by IBM Business Partner, or 3rd party vendors and update the application to a UBI version, if available.


QRadar on Cloud upcoming actions for vulnerable applications
DevOps teams are implementing security measures for all QRadar on Cloud appliances on 29 January 2021 to disable CentOS 6 applications.

When an application is disabled, administrators cannot:
  1. Start a CentOS 6 application.
  2. Create instances of a CentOS 6 application.
  3. Install or upgrade a CentOS 6 application.
  4. View or use a stopped CentOS 6 application in the user interface.
Review items for administrators
It is important for QRadar on Cloud administrators to alert teams and upgrade existing applications that can be updated to a UBI version. UBI applications typically list QRadar 7.3.3 FP6+/7.4.1 FP2+ in the title of the application.
  1. If you installed applications on QRadar on Cloud, review your Console to ensure all applications are on a UBI version.
  2. Confirm business-critical applications, such as User Behavior Analytics, QRadar Deployment Intelligence, or Watson Advisor are updated to a UBI version.
  3. Review non-IBM applications to ensure they are installed on a version that lists QRadar 7.3.3 FP6+/7.4.1 FP2+. Or filter on the IBM X-Force App Exchange to confirm the latest UBI version is installed.

QRadar on Cloud administrators must update applications before 29 January 2022 to prevent CentOS 6 applications from being disabled in the user interface. Administrators can manually upgrade applications from the X-Force App Exchange or use the QRadar Assistant application to queue up to 5 application upgrades. QRadar Support cannot enable vulnerable applications for administrators as administrators must upgrade vulnerable apps.

 

Support assistance for disabled CentOS 6 applications

The administrator can confirm whether an upgrade exists for your installed CentOS6 application on the X-Force App Exchange. The latest versions of QRadar applications that use the Red Hat Universal Base Image can be viewed by filtering for QRadar 7.3.3 FP6+/7.4.1 FP2+. In some cases, third-party or early access applications might not have an upgrade available to mitigate the security issues. If you need to upgrade an application after 29 January 2022, you might require a support case to start a CentOS 6 application to upgrade it to a UBI version.
image-20220127093857-2

Important: QRadar Support can enable a CentOS 6 application for upgrade purposes to allow an administrator to upgrade to a newer version that supports Red Hat Universal Base Image (UBI). QRadar Support cannot enable apps for production where only a CentOS 6 version exists, but can enable an app for upgrade purposes to mitigate known vulnerabilities.

What to include in your case:
  1. The URL for your QRadar on Cloud Console.
  2. The CentOS 6 applications that need to be enabled for upgrades.
  3. Urgency of the request, change window information, or outline any business deliverables this issue has to your organization.

    Results
    Administrators who continue to use CentOS6 applications expose themselves to the risks defined in the security bulletin. It is important for administrators to mitigate their risk and upgrade or keep the CentOS 6 applications disabled until a UBI version is available. Questions related to third-party app releases must be directed to the app development team defined in the Support field X-Force App Exchange page.

Upgrading your applications

CentOS 6 applications are considered insecure and administrators must upgrade these applications. For more information, see Security Bulletin: IBM QRadar SIEM Application Framework v1 (CentOS6) is end of life.

Resources
  1. Administrators can individually download and install applications from the IBM X-Force App Exchange.
    Note: The IBM X-Force App Exchange link filters for QRadar on Cloud and QRadar 7.3.3 FP6+/7.4.1 FP2+.
    image-20220127093857-2
    OR
  2. Use the QRadar Assistant App to manage and upgrade applications in QRadar:
    1. Configuring the QRadar Assistant app.
    2. Firewall requirements and URL access.
    3. Review the following video on how to upgrade applications in the QRadar Assistant app:
       

What if a UBI version of an app is not available

IBM is working to update applications to UBI versions and contacting IBM Business Partners to update their applications. However, not all applications have a UBI version available for download.
  1. Administrators can search for application updates from the IBM X-Force App Exchange.
    image-20220127093852-1
  2. If an upgraded version does not display for an app, the app cannot be upgraded and must remain in the disabled state. The CentOS 6 versions of QRadar on Cloud applications are disabled after 29 January 2022.
  3. Administrators can use the Support field to inquire about application updates.
    image-20220127094248-3
  4. When the development team launches a UBI version of the app, administrators can open a case with QRadar on Cloud Support to start the CentOS 6 version of the app so you can upgrade to the UBI version.
     

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSKMKU","label":"IBM QRadar on Cloud"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
27 January 2022

UID

ibm16551140