IBM Support

Master Firmware Version List for QRadar Appliances (Updated)

Release Notes


Abstract

Administrators looking for the latest firmware downloads can review this page to locate firmware updates for QRadar appliances. The installation instructions include a direct download link to the firmware from IBM Fix Central.

Content

This page is a landing page for content about firmware updates for QRadar appliances. Each table includes links for administrators to navigate to the release notes. The release notes for the firmware include tabs, typically an About tab to describe the firmware update and an Installation tab with the procedure for administrators. Every release note includes a download link for IBM Fix Central to download the required firmware update.

Quick links:

 
 

Recent releases (change list)

  • 29 June 2020: Added M4 V7.0.0 firmware for IMM (remote) and USB (on-premise) installs.
  • 26 May 2020: Added M6 V1.1.0 firmware for xClarity ISO (remote) and USB (on-premise) installs.
  • 5 May 2020: Added M5 V5.0.0 firmware for IMM (remote) and USB (on-premise) installs.
  • 5 November 2019: Release of M4 firmware version 6.0 for IMM (remote) and USB (on-premise) installs
  • 26 September 2019: Release of M5 firmware version 4.0.0 for IMM (remote) and USB (on-premise) installs
  • 10 April 2019: Release of M5 firmware version 3.3.0 for IMM (remote) and USB (on-premise) installs
  • 15 March 2019: Added a special notice for M5 v3.2.1 firmware for a Samsung SSD drive issue reported in the field.
  • 22 January 2019: Added links to newly published IBM Security Bulletins for M3 v2.2.0, M4 v5.2.0, and M5 v3.2.1 firmware.
  • 13 January 2019: Added the release of new M3 (v2.2.0) and M4 (v5.2.0) firmware versions.


 

About 1U or 2U form factor appliances


QRadar 1U form factor appliances: 12xx, 13xx, 15xx, 21xx


QRadar 2U form factor appliances: 16xx, 17xx, 18xx, 31xx

 

Upgrade progression for QRadar appliance firmware

 
Administrators who want to upgrade their firmware should install the latest firmware version available as shown in the table below. The firmware update contains multiple revisions of IMM and the firmware update process attempts to install available IMM updates before it launches the main firmware update. If for some reason you attempt to install the latest firmware package and you cannot proceed due to a dependency or missing prerequisite version, the BoMC utility displays errors for IMM and UFEI. Anytime you experience an error upgrading firmware contact QRadar Support for assistance.

M6 firmware releases
What version do I install to update?
1.1.0 Latest released version
M5 firmware releases
What version do I install to update?
5.0.0 Latest released version
4.0.0 Install firmware v5.0.0
3.3.0 Install firmware v5.0.0
3.2.1 Install firmware v5.0.0
3.0.2
Install firmware v5.0.0
2.1.0
Install firmware v5.0.0
1.0 (Factory release)
Install firmware v5.0.0
 
M4 firmware releases
What version do I install to update?
7.0.0 Latest released version
6.0.0 Install firmware v7.0.0
5.2.0 Install firmware v7.0.0
5.0 (USB) & 5.0.1 (ISO/IMM)
Install firmware v7.0.0
4.1.0 (2U) & 4.0.1 (1U)
Install firmware v7.0.0
3.0.0
Install firmware v7.0.0
2.0.3
Install firmware v7.0.0
1.1
Install firmware v7.0.0
1.0 (Factory release)
Install firmware v7.0.0
 

 
M3 firmware releases
What version do I install to update?
2.2.0 Latest released version
2.1.0 Install firmware v2.2.0
1.0 (Factory release)
Install firmware v2.2.0
 
 

Where can I find CVE Related Information for Updates?

The release notes include a list of CVEs resolved by the firmware update. In older firmware updates, a change or text file might be attached to the release notes. For more information, see:

 

Installation types: remote (IMM) versus on-premise (USB)

The latest firmware updates available use the Integrated Management Module (IMM) to upgrade firmware as remote management interfaces are available to most administrators. Administrators who want to install firmware on remote appliances must first install the IMM firmware using a .uxz file, then mount and boot from the ISO file to install other firmware updates. Remote updates allow administrators more flexibility with their appliances, where the USB installer is intended for on-premise (local) appliance updates. The latest versions of USB firmware releases use a .IMG file and bootable USB key utilities, such as Rufus to create a USB key that can be used to update firmware on the QRadar appliance. Not all administrators have a Windows workstation to create the USB drives or allow USB drives in their data centers, so two upgrade types are provided for update flexibility. There are some older versions of firmware that use the IBM Bootable Media Creator, instead of .IMG files and the Rufus to create bootable USB drives. The following table outlines Windows operating systems that can be used to create a bootable USB drive for each firmware version. The newest method of creating a bootable USB drive is to use an IMG file and Rufus where the older method used the IBM Bootable Media Creator utility. Bootable media tools might include Windows operating system restrictions. Administrators who do not have access to a Windows workstation can use the IMM instructions to remotely update their QRadar xSeries appliance.


Bootable USB drive software and Windows OS version support

M6 Firmware
USB install type Supports Windows XP/Vista
Supports Windows 7?
Supports Windows 8/10?
1.1.0 IMG file/Rufus Bootable Media Creator No Yes Yes


 

M5 Firmware
USB install type Supports Windows XP/Vista
Supports Windows 7?
Supports Windows 8/10?
5.0.0 IMG file/Rufus Bootable Media Creator No Yes Yes
4.0.0 IMG file/Rufus Bootable Media Creator No Yes Yes
3.3.0 IMG file/Rufus Bootable Media Creator No Yes Yes
3.2.1 IMG file/Rufus Bootable Media Creator No Yes Yes
3.0.2
IBM Bootable Media Creator No
Yes
Yes
2.1.0
IBM Bootable Media Creator No
Yes
Yes
1.0 (Factory)
IBM Bootable Media Creator No
Yes
Yes
M4 Firmware
USB install type Supports Windows XP/Vista
Supports Windows 7?
Supports Windows 8/10?
7.0.0 IMG file/Rufus Bootable Media Creator No Yes Yes
6.0.0 IMG file/Rufus Bootable Media Creator No Yes Yes
5.2.0 IMG file/Rufus Bootable Media Creator No Yes Yes
5.0 & 5.0.1
IBM Bootable Media Creator No
Yes
No
4.1.0 (2U) & 4.0.1 (1U)
IBM Bootable Media Creator No
Yes
No
3.0.0
IBM Bootable Media Creator No
Yes
No
2.0.3
IBM Bootable Media Creator No
Yes
No
1.1
IBM Bootable Media Creator No
Yes
No
1.0 (Factory)
IBM Bootable Media Creator No
Yes
No
 

 
M3 Firmware
USB install type Supports Windows XP/Vista
Supports Windows 7?
Supports Windows 8/10?
2.2.0 IMG file/Rufus Bootable Media Creator No Yes Yes
2.1.0
IBM Bootable Media Creator No
Yes
Yes
1.0
IBM Bootable Media Creator No
Yes
No

M6 firmware version list for QRadar appliances

Administrators can use the table below to locate the proper firmware for their M6 appliance. This firmware bundle can be installed on any QRadar M6 appliance and will work for both 1U and 2U form factors. Administrators should be aware that the release notes are updated to include new instructions for the xClarity software for users who complete remote ISO installations of their QRadar appliances.

 
Firmware version Server type Machine type Form factor Appliances Installation instructions
1.1.0 (latest) SR630 M6
SR650 M6
7X02
7X06
1U
and
2U
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)

IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)


M6 firmware v1.1.0 updates UEFI, IMM2, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.

M5 firmware version list for QRadar appliances

Administrators can use the table below to locate the proper firmware for their M5 appliance. This firmware bundle can be installed on any QRadar M5 appliance and will work for both 1U and 2U form factors. If you are unsure or have questions, you can ask a question in our forums ( http://ibm.biz/qradarforums ) or contact support.

IMPORTANT: Administrators with M5 appliances and IMM version 3.70 might experience an issue where the firmware update can reset the IP address configuration or user configuration on the remote management device (IMM). Verify the IP address for your IMM before you update. If you need to reconfigure your IP address, you might need a Console or crash cart connection to the appliance if you use IMM as a primary method to SSH or remote managed your QRadar appliance.

 
Firmware version Server type Machine type Form factor Appliances Installation instructions
5.0.0 (latest) x3550 M5
and
x3650 M5
MT 8871
and
MT 8869
1U
and
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q7C - IBM QRadar QFlow Collector 1202/1301
4412-Q8C - IBM QRadar QFlow Collector 1310   
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture

IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)


M5 firmware v5.0.0 updates UEFI, IMM2, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.
4.0.0 x3550 M5
and
x3650 M5
MT 8871
and
MT 8869
1U
and
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q7C - IBM QRadar QFlow Collector 1202/1301
4412-Q8C - IBM QRadar QFlow Collector 1310   
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture

IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)


M5 firmware v4.0.0 updates UEFI, IMM2, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.
3.3.0 x3550 M5
and
x3650 M5
MT 8871
and
MT 8869
1U
and
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture

IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)



This release updates several firmware packages and resolves the Samsung sizing issue on solid-state drives (SSDs): FRU 01GR787, Model number MZILS3T8HMLHV3. See: http://ibm.biz/qradarm5ssd for more information on this issue.
 
3.2.1 x3550 M5
and
x3650 M5
MT 8871
and
MT 8869
1U
and
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture

IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:

3.0.2 x3550 M5
and
x3650 M5
MT 8871
and
MT 8869
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
ISO / IMM (remote update instructions)

NOTE: This update resolves multiple security vulnerabilities, including CVE-2017-5715 as reported in the firmware release notes. At this time USB installs are not available. Administrators must use their Integrated Management Module (IMM) to update M5 xSeries firmware until further notice.
2.1.0 x3550 M5
and
x3650 M5
MT 8871
and
MT 8869
1U
and
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
ISO / IMM (remote update instructions)
1.0.0 (Factory)
x3550 M5
and
x3650 M5
MT 8871
and
MT 8869
1U
and
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
N/A (Factory install)
 
 

7. M4 firmware version list for QRadar appliances

Administrators can use the table below to locate the proper firmware for their M4 appliance. Administrators can always install the latest firmware. Prerequisites are listed in the release notes, but administrators can attempt to update as multiple firmware versions are bundled to ensure that software can be updated. In situations where you do not meet an installation prerequisite, contact support for assistance (https://ibm.com/mysupport).

 
Firmware version Server type Machine type Form factor Appliances Installation type
7.0.0 (Latest) x3650 M4 BD 5466 2U
QRadar 1400 Data Node (4380-Q1E)
QRadar Event Processor 1605 (4380-Q1E)
QRadar Flow Processor 1705 (4380-Q1E)
QRadar Event Processor 1628 (4380-Q2E)
QRadar Flow Processor 1728 (4380-Q2E)
QRadar 3105 (All-in-One) (4380-Q1E)
QRadar 3105 (Console) (4380-Q1E)
QRadar 3128 (All-in-One) (4380-Q2E)
QRadar 3128 (Console) (4380-Q2E)
QRadar Log Manager 3105 (All-in-One) (4380-Q1E)
QRadar Log Manager 3105 Console (4380-Q1E)
QRadar Log Manager 3128 (All-in-One) (4380-Q2E)
QRadar Log Manager 3128 (Console) (4380-Q2E)
QRadar Vulnerability Manager (4380-Q1E)
QRadar Risk Manager (4380-Q1E)
IBM Security QRadar Incident Forensics xx28 (4531-G1E)
IBM Security QRadar Packet Capture xx28 (4531-G2E)
IBM Security QRadar Packet Capture Data Node xx28 (4531-G3E)
This release includes multiple CVE updates for UEFI, IMM2, and DSA security vulnerabilities.
7.0.0 (Latest) x3650 M4 BD 7914 1U QRadar 21xx (4380-Q1C)
QRadar Event Collector 1501 G2 (4380-Q2C)
QRadar QFlow Collector 1201 G2 (4380-Q2C)
QRadar QFlow Collector 1202 G2 (4380-Q3C)
QRadar QFlow Collector 1301 G2 (4380-Q4C)
QRadar QFlow Collector 1310 G2 (4380-Q5C)
QRadar QFlow Collector 1310 SR-C G2 (4380-Q5C)
QRadar QFlow Collector 1310 LR-C G2 (4380-Q6C)
This release includes multiple CVE updates for UEFI, IMM2, and DSA security vulnerabilities.
6.0.0 x3650 M4 BD 5466 2U
QRadar 1400 Data Node (4380-Q1E)
QRadar Event Processor 1605 (4380-Q1E)
QRadar Flow Processor 1705 (4380-Q1E)
QRadar Event Processor 1628 (4380-Q2E)
QRadar Flow Processor 1728 (4380-Q2E)
QRadar 3105 (All-in-One) (4380-Q1E)
QRadar 3105 (Console) (4380-Q1E)
QRadar 3128 (All-in-One) (4380-Q2E)
QRadar 3128 (Console) (4380-Q2E)
QRadar Log Manager 3105 (All-in-One) (4380-Q1E)
QRadar Log Manager 3105 Console (4380-Q1E)
QRadar Log Manager 3128 (All-in-One) (4380-Q2E)
QRadar Log Manager 3128 (Console) (4380-Q2E)
QRadar Vulnerability Manager (4380-Q1E)
QRadar Risk Manager (4380-Q1E)
IBM Security QRadar Incident Forensics xx28 (4531-G1E)
IBM Security QRadar Packet Capture xx28 (4531-G2E)
IBM Security QRadar Packet Capture Data Node xx28 (4531-G3E)
 
This release includes multiple CVE updates for OpenSSL and processor microcode security vulnerabilities.
 
6.0.0 (Latest) x3550 M4 7914 1U QRadar 21xx (4380-Q1C)
QRadar Event Collector 1501 G2 (4380-Q2C)
QRadar QFlow Collector 1201 G2 (4380-Q2C)
QRadar QFlow Collector 1202 G2 (4380-Q3C)
QRadar QFlow Collector 1301 G2 (4380-Q4C)
QRadar QFlow Collector 1310 G2 (4380-Q5C)
QRadar QFlow Collector 1310 SR-C G2 (4380-Q5C)
QRadar QFlow Collector 1310 LR-C G2 (4380-Q6C)

This release includes multiple CVE updates for OpenSSL and processor microcode security vulnerabilities.
5.2.0

(Superseded by v6.0.0)
x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
 
ISO / IMM (remote update instructions)

USB Drive (local update instructions)
 

Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:

5.2.0

(Superseded by v6.0.0)
x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
ISO / IMM (remote update instructions)

USB Drive (local update instructions)
 

Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:

5.0.1 ISO/IMM

5.0 USB

(Superseded by 5.2.0)
 
x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28

NOTE: This update resolves multiple security vulnerabilities, including CVE-2017-5715 as reported in the firmware release notes.
ISO / IMM (remote update instructions)

USB Key (local update instructions)

NOTE: The ISO/IMM firmware version 5.0.0 has been replaced by version 5.0.1 to resolve an issue where the model type list did not display when attempting to update a M4 2U appliance over IMM. This issue is resolved and links are updated in the release notes to direct users to firmware 5.0.1 on Fix Central.
5.0 (Superseded by 5.2.0) x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
ISO / IMM (remote update instructions)

USB Key (local update instructions)

NOTE: This update resolves multiple security vulnerabilities, including CVE-2017-5715 as reported in the firmware release notes.
4.1.0 (Superseded by 5.2.0) x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
ISO / IMM (remote update instructions)
4.0.1 (Superseded by 5.2.0) x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
ISO / IMM (remote update instructions)
3.0.0 (Superseded by 5.2.0) x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
2U Link
3.0.0 (Superseded by 5.2.0) x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
1U Link
2.0.3 (Superseded by 5.2.0) x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
Link
2.0.3 (Superseded by 5.2.0) x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
Link
1.1 (Superseded by 5.2.0) x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
Link
1.1 (Superseded by 5.2.0) x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
Link
1.0 (Superseded by 5.2.0) x3550 M4 7914 1U Firmware version 1.0 was replaced with firmware 1.1. Firmware 1.1 contains the same firmware update files and includes an easier installation method using a USB drive. N/A (Factory install)
1.0 (Superseded by 5.2.0) x3650 M4 BD 5466 2U Firmware version 1.0 was replaced with firmware 1.1. Firmware 1.1 contains the same firmware update files and includes an easier installation method using a USB drive. N/A (Factory install)
 

 

8. M3 firmware version list for QRadar appliances

Administrators can use the table below to locate the proper firmware for their M3 appliance. IBM does not publish remote update (IMM/ISO) instructions for M3 appliances as this time and administrators with M3 appliances are required to use a USB drive to complete firmware updates.  If you have questions about the firmware release, you can ask a question in our forums ( http://ibm.biz/qradarforums ) or contact support.

 
Firmware version Server type Machine type Form factor Appliances Installation instructions
2.2.0 (Latest) x3550 M3 7944 1U 4378-Q21 - IBM QRadar 2100
4378-QC1 - IBM QFlow Collector 1201
4378-QC2 - IBM QFlow Collector 1202
4378-QSR - IBM QFlow Collector 1301
4378-QLR - IBM QFlow Collector 1302
4378-QD1 - IBM Event Collector 1501
USB Drive Installation Instructions
 

New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:

2.2.0 (Latest) x3630 M3 7377 2U 4379-Q05 - IBM QRadar xx05 G1
4379-Q24 - IBM QRadar xx24 G1
USB Drive Installation Instructions
 

New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:

2.1 (Superseded by 2.2.0) x3550 M3 7944 1U 4378-Q21 - IBM QRadar 2100
4378-QC1 - IBM QFlow Collector 1201
4378-QC2 - IBM QFlow Collector 1202
4378-QSR - IBM QFlow Collector 1301
4378-QLR - IBM QFlow Collector 1302
4378-QD1 - IBM Event Collector 1501
USB Drive Installation Instructions
2.1 (Superseded by 2.2.0) x3630 M3 7377 2U 4379-Q05 - IBM QRadar xx05 G1
4379-Q24 - IBM QRadar xx24 G1
USB Drive Installation Instructions
1.0 (Superseded by 2.2.0) x3550 M3 7944 1U 4378-Q21 - IBM QRadar 2100
4378-QC1 - IBM QFlow Collector 1201
4378-QC2 - IBM QFlow Collector 1202
4378-QSR - IBM QFlow Collector 1301
4378-QLR - IBM QFlow Collector 1302
4378-QD1 - IBM Event Collector 1501
USB Drive Installation Instructions
1.0 x3630 M3 7377 2U 4379-Q05 - IBM QRadar xx05 G1
4379-Q24 - IBM QRadar xx24 G1
USB Drive Installation Instructions
 

 

9. Installing firmware on high-availability (HA) appliances

A: Setting the Secondary Active

Before you attempt to install any firmware, the administrator must set the primary offline and wait for the secondary appliance to become active. This process will take 5-10 minutes to complete depending on your hardware and appliance type.

  1. Click the Admin tab.
  2. Click the System and License Management icon.
  3. Select the HA primary appliance. This is the system that you want to set to offline.
  4. From the toolbar, select High Availability > Set System Offline.
  5. Wait for the (primary) appliance Host Status column to display Offline.
  6. Verify that the Host Status for the secondary displays Active.
  7. To verify the primary is offline, SSH to the primary appliance.
  8. From the command line, type service hostcontext status.
  9. Verify the status displays stopped.

    Results
    You are now ready to update the M3 firmware on the primary (Offline) appliance.

B: Installing Firmware on the Primary

  1. Insert the USB drive that has the bootable image into the QRadar appliance.
  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.
  3. From the command prompt, type: reboot.
  4. As the appliance is rebooting, press the F12 key to select a boot device.
  5. Select the bootable firmware image, for example, USB Storage and Press Enter.
  6. When prompted, select the Updates option and complete the firmware installation.

C: Setting the Primary Active

The administrator must set the secondary offline and wait for the status of the primary appliance to change from Standby to Active. This process will take 5-10 minutes to complete depending on your hardware and appliance type.

  1. Click the Admin tab.
  2. Click the System and License Management icon.
  3. Verify the Primary HA appliance is in standby.
  4. If the Primary is in the offline state, right-click the Primary appliance and select Set System Online.
  5. Select the HA secondary appliance. The secondary is the system that you want to set to offline.
  6. From the toolbar, select High Availability > Set System Offline.
  7. Wait for the secondary appliance Host Status column to display Offline.
  8. Wait for the primary appliance Host Status column to transition from Standby to Active.
  9. To verify the primary is offline, SSH to the primary appliance.
  10. From the command line, type service hostcontext status.
  11. Verify the status is stopped.

D: Installing Firmware on the Secondary

  1. Insert the USB drive that has the bootable image into the QRadar appliance.
  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.
  3. From the command prompt, type: reboot.
  4. As the appliance is rebooting, press the F12 key to select a boot device.
  5. Select the bootable firmware image, for example, USB Storage and Press Enter.
  6. When prompted, select the Updates option and complete the firmware installation.

E: Setting the Secondary to Standby

  1. Click the Admin tab.
  2. On the navigation menu, click System Configuration.
  3. Click the System and License Management icon.
  4. Verify the secondary HA appliance is in standby.
  5. If the secondary is in the offline state, right-click the secondary appliance and select Set System Online.

    Results
    The secondary is Standby and the Primary appliance is in Online. The firmware update is complete. If you have additional questions, ask us in our forums at http://ibm.biz/qradarforums or open a support ticket with QRadar Support .

Original Publication Date

30 September 2016

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtcAAA","label":"Hardware"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
24 August 2020

UID

swg27047121