About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Release Notes
Abstract
A list of the installation instructions, new features, and resolved issues for the release of QRadar Incident Forensics 7.5.0 Update Package 3 (750_QRadar_QIFFull_2021.6.3.20220829221022) ISO. These instructions are intended for administrators who want to install QRadar Incident Forensics 7.5.0 Update Package 3 by using an ISO file.
Content
What's New
For information on new and changed features in QRadar Incident Forensics 7.5.0, see What's new in 7.5.0.
Known issues in QRadar Incident Forensics 7.5.0
App Host cannot communicate with Console correctly when connection is firewalled
If your network connection is behind a firewall, the App Host is unable to communicate with your Console.
To workaround this issue, remove encryption from the App Host and open the following ports on any firewall between your App Host and Console: 514, 443, 5000, 9000.
To review information on these ports, see QRadar port usage.
To review information on these ports, see QRadar port usage.
Apps might go down during base image upgrade
After you install QRadar 7.5.0, your applications might go down temporarily while they are being upgraded to the latest base image.
'9804.install' fails when managed host removed from deployment
If you remove a managed host from deployment prior to upgrading to QRadar 7.5.0, an error message appears.
For more information, see IJ36269.
Patch pre-test can fail when WinCollect 7.3.XX installed
If you have WinCollect 7.3.xx installed when you upgrade to QRadar 7.5.0, the QRadar patch pre-test can fail when the check_yum.sh pre-test does not clean out the old yum cache.
For more information, see IJ32896.
Issue adding Data Nodes to a cluster
When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
Resolved issues
For a list of APAR links of resolved issues in QRadar Incident Forensics 7.5.0, see Authorized Program Analysis Reports.
Some APAR links might take 24 hours to display properly after a software release is posted to IBM Fix Central.
About this installation
These instructions are intended to assist you when you install QRadar Incident Forensics 7.5.0 by using an ISO file. These instructions inform you how to update your deployment to the latest version. For more information, see the QRadar Incident Forensics Installation Guide.
The QRadar Incident Forensics 7.5.0 Update Package 3 ISO (750_QRadar_QIFFull_2021.11.6.20211220195207) can install QRadar Incident Forensics 7.5.0. However, this document does not cover all of the installation messages and requirements, such as changes to memory requirements or browser requirements for QRadar Incident Forensics.
Part 1. Installing the QRadar Incident Forensics 7.5.0 Update Package 3 ISO
These instructions guide you through the process of installing QRadar Incident Forensics 7.5.0.
Important: You can use the verify signature tool to validate the integrity of your downloads from IBM Fix Central. For more information, see How to verify downloads from IBM Fix Central are trusted and code signed.
Procedure
- Download the QRadar Incident Forensics 7.5.0 Update Package 3 ISO (5.5 GB) from the IBM Fix Central website: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=All&platform=All&function=fixId&fixids=7.5.0.3-QRADAR-QIFFULL-20220829221022&includeSupersedes=0&source=fc
- Use SSH to log in to the Console as the root user.
NOTE: When you log in, the SSH session should display 7.5.0 as the Console's version. This is verification that the QRadar Console has been updated to 7.5.0, which is required before you update your Incident Forensics appliance. - Open an SSH session to the QRadar Incident Forensics appliance.
- To run the ISO installer, type the following command: /media/dvd/setup
Important: Installing QRadar Incident Forensics 7.5.0 can take 1 to 2 hours to complete on the appliance.
- Wait for the installation to complete.
A summary of the ISO installation advises you of any issues. If there are no issues, you can now SSH to managed hosts and start the installer on each host to run the setup in parallel.
Part 2. Installation wrap-up
- After all hosts are updated, send an email to your team to inform them that they will need to clear their browser cache before they log in to the QRadar Incident Forensics SIEM interface.
- To unmount the /media/dvd directory, type: umount /media/dvd
- Delete the ISO from the appliance.
- Review any static routes or customized routing. As mentioned in the administrator notes, all routes were removed and will need to be reconfigured after the upgrade completes.
- Review any iptable rules that are configured as the interface names have changed in QRadar Incident Forensics 7.5.0 due to the Red Hat Enterprise 7 operating system updates. Update any iptables rules that use Red Hat 6 interface naming conventions.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtKAAQ","label":"QRadar Risk and Vulnerability Manager"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0"}]
Was this topic helpful?
Document Information
More support for:
IBM Security QRadar SIEM
Component:
QRadar Risk and Vulnerability Manager
Software version:
7.5.0
Operating system(s):
Linux
Document number:
6616993
Modified date:
22 September 2022
UID
ibm16616993
Manage My Notification Subscriptions