IBM Support

QRadar: About the 'Minimum Permitted App Base Image Stream' System Setting

Question & Answer


Question

In QRadar 7.5.0 Update Package 8, a new system setting lets administrators control which apps can be installed and run on their deployment. The new 'Minimum Permitted App Base Image Stream' system setting on the Admin tab allows administrators to define the minimum allowable base image, which prevents security issues from vulnerable apps.

Answer

How this impacts users
If the setting is set to v2, users can install only apps with a base image of v2 or later. The v2 setting prevents apps that use vulnerable CentOS applications from installing.

Changing the system setting value
When the Minimum Permitted App Base Image Stream version is changed, the application framework must restart applications and deploy changes. If an administrator updates the default value to a new minimum baseline app, the following message is displayed to users:
[Image: message displayed to users]

User interface options
The Minimum Permitted App Base Image Stream drop-down in the user interface supports the following options in the QRadar 7.5.0 Update Package 8 release:
  • v1+ (CentOS with Python 2)
  • v2+ (RHEL with Python 3.6)
  • v3+ (RHEL with Python 3.8)
  • v4+ (RHEL with Python 3.11)

    Note: This list is subject to change as future software versions are released.
Default settings
The Minimum Permitted App Base Image Stream setting is configured with the following settings for QRadar 7.5.0 Update Package 8:
  • New installations of QRadar 7.5.0 Update Package 8 are configured by default with a setting of V2+ (RHEL with Python 3.6).
  • Upgrades from prior versions of QRadar to 7.5.0 Update Package 8 are configured by default with V1+ (CentOS).


Error messages
If the application framework has core functionality changes in progress, an error message is displayed to inform the administrator of what is blocking the change to the system setting in QRadar. The process must complete before the minimum baseline app can be changed.

What can cause the error message to display:
  • An application is starting after services were restarted.
  • An application is being installed or upgraded.
  • An application is being migrated to or from the Console.
  • The baseline image has been updated on the Console.
If you experience any of these application check messages, you can click OK and wait for the activity to complete.

Document Information

Modified date:
25 March 2024

UID

ibm17145047