Question & Answer
Question
In QRadar 7.5.0 Update Package 8, a new system setting is available for administrators to control which apps are installed and running on your deployment. The new 'Minimum Permitted App Base Image Stream' system setting on the Admin tab allows administrators to define the base minimum image allowable to prevent security issues on vulnerable apps.
Answer
How this impacts users
If the v2 setting is set this only allows users to install with a base image of V2 or later. The V2 setting prevents apps that use vulnerable CentOS applications from installing.
Changing the system setting value
When the Minimum Permitted App Base Image Stream version is changed, the application framework must restart applications and deploy changes. If an administrator updates the default value to a new minimum baseline app, the following message is displayed to users:
User interface options
The Minimum Permitted App Base Image Stream drop-down in the user interface supports the following options in the QRadar 7.5.0 Update Package 8 release:
The Minimum Permitted App Base Image Stream drop-down in the user interface supports the following options in the QRadar 7.5.0 Update Package 8 release:
- v1+ (Centos with Python 2)
- v2+ (RHEL with Python 3.6)
- v3+ (RHEL with Python 3.8)
- v4+ (RHEL with Python 3.11)
Note: This list is subject to change as future software versions are released.
Default settings
The Minimum Permitted App Base Image Stream setting is configured with the following settings for QRadar 7.5.0 Update Package 8:
The Minimum Permitted App Base Image Stream setting is configured with the following settings for QRadar 7.5.0 Update Package 8:
- New installations of QRadar 7.5.0 Update Package 8 are configured by default with a setting of V2+ (RHEL with Python 3.6).
- Upgrades from prior versions of QRadar to 7.5.0 Update Package 8 are configured by default with V1+ (Centos).
Error messages
If the application framework has core functionality changes in progress, an error message is displayed to inform the administrator of what is blocking the change to the system setting in QRadar. The process must complete before the minimum baseline app can be changed.
What can use the error message to display:
- An application is starting after services were restarted.
- An application is being installed or upgraded.
- An application is being migrated to or from the Console.
- The baseline image has been updated on the Console.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
25 March 2024
UID
ibm17145047