Due to security issues related to CentOS 6 applications, QRadar on Cloud administrators might notice that applications are disabled or missing from the user interface on 29 January 2022. QRadar on Cloud administrators need to upgrade applications to ensure that business-critical apps are not disabled. This technical note outlines the issue and support information for CentOS 6 applications for QRadar on Cloud administrators.
Actions taken by IBM for CentOS 6 applications
QRadar on Cloud upcoming actions for vulnerable applications
When an application is disabled, administrators cannot:
- Start a CentOS 6 application.
- Create instances of a CentOS 6 application.
- Install or upgrade a CentOS 6 application.
- View or use a stopped CentOS 6 application in the user interface.
It is important for QRadar on Cloud administrators to alert teams and upgrade existing applications that can be updated to a UBI version. UBI applications typically list QRadar 7.3.3 FP6+/7.4.1 FP2+ in the title of the application.
- If you installed applications on QRadar on Cloud, review your Console to ensure all applications are on a UBI version.
- Confirm business-critical applications, such as User Behavior Analytics, QRadar Deployment Intelligence, or Watson Advisor are updated to a UBI version.
- Review non-IBM applications to ensure they are installed on a version that lists QRadar 7.3.3 FP6+/7.4.1 FP2+. Or filter on the IBM X-Force App Exchange to confirm the latest UBI version is installed.
QRadar on Cloud administrators must update applications before 29 January 2022 to prevent CentOS 6 applications from being disabled in the user interface. Administrators can manually upgrade applications from the X-Force App Exchange or use the QRadar Assistant application to queue up to 5 application upgrades. QRadar Support cannot enable vulnerable applications for administrators as administrators must upgrade vulnerable apps.
Support assistance for disabled CentOS 6 applications
Important: QRadar Support can enable a CentOS 6 application for upgrade purposes to allow an administrator to upgrade to a newer version that supports Red Hat Universal Base Image (UBI). QRadar Support cannot enable apps for production where only a CentOS 6 version exists, but can enable an app for upgrade purposes to mitigate known vulnerabilities.
What to include in your case:
- The URL for your QRadar on Cloud Console.
- The CentOS 6 applications that need to be enabled for upgrades.
- Urgency of the request, change window information, or outline any business deliverables this issue has to your organization.
Administrators who continue to use CentOS6 applications expose themselves to the risks defined in the security bulletin. It is important for administrators to mitigate their risk and upgrade or keep the CentOS 6 applications disabled until a UBI version is available. Questions related to third-party app releases must be directed to the app development team defined in the Support field X-Force App Exchange page.
Upgrading your applications
CentOS 6 applications are considered insecure and administrators must upgrade these applications. For more information, see Security Bulletin: IBM QRadar SIEM Application Framework v1 (CentOS6) is end of life.Resources
- Administrators can individually download and install applications from the IBM X-Force App Exchange.
Note: The IBM X-Force App Exchange link filters for QRadar on Cloud and QRadar 7.3.3 FP6+/7.4.1 FP2+.
- Use the QRadar Assistant App to manage and upgrade applications in QRadar:
What if a UBI version of an app is not available
- Administrators can search for application updates from the IBM X-Force App Exchange.
- If an upgraded version does not display for an app, the app cannot be upgraded and must remain in the disabled state. The CentOS 6 versions of QRadar on Cloud applications are disabled after 29 January 2022.
- Administrators can use the Support field to inquire about application updates.
- When the development team launches a UBI version of the app, administrators can open a case with QRadar on Cloud Support to start the CentOS 6 version of the app so you can upgrade to the UBI version.
Was this topic helpful?
27 January 2022