IBM Support

QRadar Firmware 5.0 for xSeries M4 2U xx05/xx28 Appliances (USB local installs)

Release Notes


Abstract

This firmware update (5.0) provided by IBM is the latest firmware for your IBM® Security QRadar® M4 appliances. This update is only intended for M4 2U form factor QRadar appliances where administrators want to update appliances using a USB key. This update is intended for local updates on QRadar M4 xx05 and xx28 appliances.

Content


Important: Select a tab to read each step of the firmware procedure.


Part 1: About the M4 firmware 5.0 update


To update the firmware on an M4 appliance, administrators can use a Windows host with the Bootable Media Creator (BoMC) software tool to create a USB drive that is suitable for applying firmware updates. Administrators must be on-site (on premise) with the appliance to complete this firmware update using a USB flash drive.

IMPORTANT: The version of the Bootable Media Creator utility that is packaged in the setup file is not compatible with Windows 8 or Windows 10. Administrators can use a Windows 7 operating system to create the USB key. If you do not have access to a Windows 7 system, you can use IMM to update your QRadar appliance.

Supported appliances, types, and model information


This firmware update applies to the following IBM Security QRadar M4 (2U form factor) appliances, server type, or Machine type models:

Hardware Details Size
Appliance IBM Security QRadar xx05 G2
IBM Security QRadar xx28 G2
IBM Security QRadar Incident Forensics xx28
IBM Security QRadar Packet Capture xx28
IBM Security QRadar Packet Capture Data Node xx28
2U
Server Type x3650 M4 BD 2U
Server Machine Type 5466 2U
Appliance Machine type models (MTM) 4380-Q1E
4380-Q2E
4531-G1E
4531-G2E
4531-G3E
2U


Important file changes and prerequisites in this firmware update


The table below lists important updates in the Base System Pack and HDD update. Administrators must ensure that their M4 appliance includes the minimum version outlined in the Prerequisite version column. If your M4 appliance does not meet the prerequisite versions outlined in the table below, the administrator will need to contact IBM QRadar Support to have a custom upgrade path defined for the M4 appliance.

IMPORTANT: Administrators might see a warning message about a required firmware update of uEFI to version 1.20(TCE108i) during installation. This is a benign error message and the administrator can click OK and ignore the message. See the installation tab of this release note for more information.


Component Prerequisite version Firmware version in this update File name 
IMM2 4.35 or later 1aoo80g-6.40 ibm_fw_imm2_1aoo80g-6.40_anyos_noarch
UEFI/BIOS  None yoe122d-2.01 ibm_fw_uefi_yoe122d-2.01_anyos_32-64
DSA  None dsyte2w-9.65 ibm_fw_dsa_dsyte2w-9.65_anyos_32-64
Emulex* None 15b-2.02x11-40 elx_fw_fc_15b-2.02x11-40_linux_32-64
RAID Controller M5210 None 5200-24.12.0-0024 ibm_fw_sraidmr_5200-24.12.0-0024_linux_32-64
RAID Controller M5110 None 6gb-23.34.0-0018 ibm_fw_sraidmr_5100-6gb-23.34.0-0018_linux_32-64
HDD Update  None sas-1.23.02 ibm_fw_hddlenovo_sas-1.23.02_linux_32-64
For general firmware questions and information see our FAQ page at http://ibm.biz/qradarfirmware.


Notes:

  • Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.
  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the most current firmware level that is available.
  • The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages appear when the tool runs, but have a status of "undetected" and not selected to be updated.
  • This firmware update installs IMM2 firmware version 6.00. Administrators should be aware that IMM2 v6.00 requires Java version 8 to function properly. If administrators are not on Java version 8 or are unable to install Java version 8, then they might need to postpone this M4 appliance firmware update.

Full Release Notes from Lenovo for firmware 5.0 updates


Change files (.chg) can be opened by any text editor. These files contain the full release notes provided by Lenovo to IBM for both CVEs and resolved issues that administrators might want to review.
Component File name  CVEs resolved in this package
IMM2 ibm_fw_imm2_1aoo76i-6.00_anyos_noarch CVE-2016-3706, CVE-2016-1234, CVE-2016-2177, CVE-2016-2178, CVE-2016-6313, CVE-2016-6302, CVE-2015-2179, CVE-2016-2181, CVE-2016-6306, CVE-2015-8605
UEFI/BIOS  ibm_fw_uefi_yoe118c-1.80_anyos_32-64 CVE-2017-5715
DSA  ibm_fw_dsa_dsyte2r-9.65_anyos_32-64 CVE-2016-2183
Emulex* elx_fw_fc_15b-2.02x11-32_linux_32-64 None
RAID Controller M5210 ibm_fw_sraidmr_5200-24.12.0-0024_linux_32-64 None
RAID Controller M5110 ibm_fw_sraidmr_5100-6gb-23.34.0-0018_linux_32-64 None
HDD Update  ibm_fw_hddlenovo_sas-1.23.00_linux_32-64 None
Backplane ibm_fw_exp-6gb-v2-sas-52f5_linux_32-64 None
Other Security Fixes None Security vulnerabilities resolved in open source packages where there is no IMM exposure: CVE-2016-2180, CVE-2016-2182, CVE-2016-2183, CVE-2016-6304, CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908, CVE-2016-3115, CVE-2016-3075, CVE-2016-4429, CVE-2016-2774, CVE-2016-6153, CVE-2015-8872, CVE-2016-6263, CVE-2016-4804, CVE-2016-6318, CVE-2015-2059, CVE-2015-8948, CVE-2016-6261, CVE-2016-6262

NOTE: A full change log of all files that can be read by creating the USB drive and navigate to \BootableMediaCreatorv9_66_05\workingdir\.. This directory has a historical list of all files that are packaged with the firmware update, not just the latest changes as outlined below in the attached file. Administrators can use any text editor to review the attached change list.

Qradar_2U_M4_MT5466_xx05_xx28_QIF_PCAP_Firmware_Update_5_0_0.chgQradar_2U_M4_MT5466_xx05_xx28_QIF_PCAP_Firmware_Update_5_0_0.chg



Where to find more information



Part 2. Create the USB


This installation method uses the IBM Bootable media creator (BOMC) tool on a Windows host to create a bootable USB drive that is capable of installing the M4 firmware update for QRadar 2U appliances. The firmware update can take up to 60 minutes for each host. Use a USB drive of 4GB or larger to ensure enough free space to successfully create the bootable media.

You can use the IBM Bootable Media Creator to update the firmware on the following QRadar appliances:

Hardware Details
Appliance IBM Security QRadar xx05 G2
IBM Security QRadar xx28 G2
IBM Security QRadar Incident Forensics xx28
IBM Security QRadar Packet Capture xx28
IBM Security QRadar Packet Capture Data Node xx28
Server Type x3650 M4 BD
Server Machine Type 5466
Appliance Machine type models (MTM) 4380-Q1E
4380-Q2E
4531-G1E
4531-G2E
4531-G3E


Before you begin


Creating your USB flash drive for the firmware update requires a Windows host and the administrator or USB drive must be on-site with the appliance. The firmware update can take up to 60 minutes complete per appliance and the administrator will be required to reboot the appliance after the firmware install completes. The firmware upgrade procedures should only be done during a change window or during maintenance time for your QRadar appliances. A 4GB USB key is required to complete the procedure outlined below.

**IMPORTANT**: Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.

Required files
Download the QRadar M4 appliance firmware update (2U form factor appliances) from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=Linux&function=fixId&fixids=7.2.8-QRADAR-FIRMWARE-M4_2U_USB-QRadar-QNI-PCAP-QIF-5.0.0&includeSupersedes=0&source=fc

Preparing your files

  1. Copy the M4 appliance firmware EXE to a directory on the Windows host.

  2. To extract, right-click on Qradar_2U_M4_MT5466_xx05_xx28_QIF_PCAP_Firmware_Update_5_0_0.exe file and select Extract.

  3. Select or type a directory path for the M4 firmware update and click Extract.

    This will create a folder named Extraction path/Qradar_2U_M4_MT5466_xx05_xx28_QIF_PCAP_Firmware_Update_5_0_0\BootableMediaCreatorv9_66_05\

Creating your USB key


  1. Navigate to the directory containing the extracted M4 Firmware files.
    For example: C:\Qradar_2U_M4_MT5466_xx05_xx28_QIF_PCAP_Firmware_Update_5_0_0\BootableMediaCreatorv9_66_05\

  2. Right-click ibm_utl_bomc_9.66_windows_i386.exe and select Run As Administrator.


    NOTE: Depending on your current permissions, you might be required to type the username and password for the local administrator account. Users might also be required to accept an updated license agreement.


  3. On the Welcome page, click Next.
    IMPORTANT: Do NOT select the Check for the latest version of this tool check box. These instructions are specific to IBM Bootable Media Creator 9.66, which is packaged with the EXE file.

  4. On the Media Purpose page, select the Updates check box and click Next.

  5. Select Look in a local directory.

    NOTE: The path to the workingdir should be inserted automatically when you select Look in a local directory.
    If the path is not populated, the local directory should be the "Extract to path"\Qradar_M4_MT5466_xx05_xx28_QIF_PCAP_Firmware_Update_5_0_0\BootableMediaCreatorv9_66_05\workingdir.

  6. Ensure that the USB has at least 4 GB of available space for the media format page and that your USB drive is inserted in to the Windows host.

  7. On the Media Format page, select USB as the Device Type, the Disk, select the Write directly to device option, and click Next.


  8. Select Do not use unattended mode option when prompted and click Next.

  9. Confirm the configuration for the USB drive and click Next.
    Important: Do NOT remove the USB device until the bootable media creation displays a notification that the process is complete. You might be prompted to erase the USB drive before you continue.



  10. RESULTS


    When complete, you are prompted to safely eject the USB drive, click Next, then click Finish. You are now ready to update your appliance using the bootable USB key. See Part 3. Installing Firmware for instructions on rebooting with the USB key to install the firmware update.







Where to find more information



Part 3. Installing the Firmware on the QRadar M4 appliance


The instructions below are intended for M4 appliances that are not configured as HA (high-availability) pairs. If your appliance is in a HA pair, you must use the High-Availability update instructions found here:http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .


Booting from the USB Drive


    Procedure
  1. Insert the USB drive that has the bootable image into the QRadar appliance.

  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.

  3. From the command prompt, type: reboot.

  4. As the appliance is rebooting, press the F12 key to select a boot device.

  5. Select the bootable firmware image, for example, USB Storage and Press Enter.

  6. Results The IBM ToolsCenter software is booted.
IMPORTANT: Do not remove the USB flash drive until the IBM ToolsCenter completes the firmware installation.

Installing M4 firmware using the IBM Bootable Media Creator Tool

  1. The IBM ToolsCenter Welcome page is displayed.

  2. When prompted, select the Updates option.

  3. Verify that the bootable media shows the correct machine type for the appliance.
    Hardware Details
    Server Type x3650 M4 BD
    Server Machine Type 5466

  4. To start the update, select Click here to start update.
    NOTE: Verify that the Updates list contains x3650 M4 BD -- machine type 5466 in the updates list.

  5. Select your language and click I accept the terms in the license agreement to continue.

  6. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.

  7. From the list of selected firmware items, verify that the selected items match the firmware items to update.

  8. IMPORTANT: Some administrators are experiencing an issue where the UEFI firmware generates an error message stating that uEFI version 1.20(TCE108i) is required. The QRadar firmware ships with UEFI v2.x by default. Administrators who experience this message can click OK to ignore this message and continue the firmware update.

  9. To start applying the updates, click Next on the Update Options page.
    The bootable media creator starts to install firmware on the M4 appliance.

  10. Verify that all the firmware updates are applied, and click Next to complete the update.

  11. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.

  12. Select the USB flash drive and click OK.


  13. When all updates are complete, click Finish to reboot the appliance.

  14. The appliance reboots and starts up normally.



Where to find more information



Original Publication Date

06 March 2017

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Hardware","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.1;7.3;7.2.8;7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
23 June 2018

UID

swg27051186