IBM Support

Release of QRadar 7.5.0 Update Package 9 ISO (2021.6.9.20240703190930)

Release Notes


Abstract

A list of the installation instructions, new features, and resolved issues for the release of IBM Security QRadar 7.5.0 Update Package 9 (7.5.0-QRADAR-QRFULL-20240703190930). These release notes apply to QRadar, QRadar Vulnerability Manager, QRadar Risk Manager, and QRadar Network Insights. These instructions are intended for administrators who want to install QRadar 7.5.0 Update Package 9 by using an ISO file.

Content

Known issues in QRadar 7.5.0

WinCollect 7.3.1-43 upgrade fails
The WinCollect RPM validation is out of date and causes the upgrade to fail. To resolve the issue, and for more information, see WinCollect 7.3.1-43 upgrade fails due to "[CRITICAL] Transaction failed.
Apps might go down during base image upgrade
After you install QRadar 7.5.0 Update Package 9, your applications might go down temporarily while they are being upgraded to the latest base image.
Duplicate app entries on Traefik when QRadar console is powered off and on again
If you power off your QRadar console via VSphere and power it on again, duplicate entires of apps exist on the Traefik UI. To resolve this issue, restart the Traefik service. 
Factory reinstall on QRadar 7.5.0 Update Package 9 in the recovery partition fails on M5 hardware. 
Factory reinstall with Update Package 9 ISO in the recovery partition on M5 hardware is not supported. 
Alternatively, you can use one of the following methods:
For more information, see DT364088.
Managed WinCollect 7 agents cannot receive updates from encrypted QRadar Managed Hosts with 7.5.0 Update Package 7 Interim Fix 05 and later
In 7.5.0 Update Package 7 Interim Fix 5 and later, changes for managed WinCollect agents on 7.3.1 Patch 2 (7.3.1-28) do not complete as expected for encrypted managed hosts that attempt to connect to the Console. To resolve this issue, you must upgrade to WinCollect 7.3.1 P3. For more information, see DT269649.
Error messages appear during decapper startup in QRadar Network Insights
The following error messages on the terminal broadcast messages or decapper logs indicate an automatic fallback to a legacy decapper library on virtual hosts.
EAL: rte_mem_virt2phy(): cannot open /proc/self/pagemap: Permission denied

EAL: Cannot use IOVA as 'PA' since physical addresses are not available
This fallback is necessary when IOMMU and virtualization passthrough are not available and enabled in the virtual platform configuration. The decapper continues to function, possibly with lowered throughput.
Admin password does not set correctly on auto-install
In some instances of QRadar installations using the auto-install method, the Admin password is not being set properly. To resolve this issues, manually update the Admin password in the QRadar host CLI. For more information, see DT258627.
Issue adding Data Nodes to a cluster
When you add a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.

Resolved issues

For a list of Known Issues links of resolved issues in QRadar 7.5.0 Update Package 9, see Known Issues. The Known Issues search page allows users to search for Known Issues by versions or status.

Some Known Issues links might take 24 hours to display properly after a software release is posted to IBM Fix Central.

What's new

For information on what's new in QRadar 7.5.0, see the following information: https://www.ibm.com/docs/en/SS42VS_7.5/com.ibm.qradar.doc/c_qradar_ov_whats_new_750.html

About this installation

These instructions are intended to assist you when you install QRadar 7.5.0 Update Package 9 by using an ISO file. This ISO can install QRadar, QRadar Risk Manager, QRadar Vulnerability Manager, and QRadar Network Insights products to version 7.5.0 Update Package 9.

See QRadar: Software update check list for administrators for a list of steps to review before you update your QRadar deployment.

Part 1. Installing the QRadar 7.5.0 ISO Update Package 9

These instructions guide you through the process of installing QRadar 7.5.0 Update Package 9.

Important: You can use the verify signature tool to validate the integrity of your downloads from IBM Fix Central. For more information, see How to verify downloads from IBM Fix Central are trusted and code signed.

Procedure

  1. Download the QRadar 7.5.0 Update Package 9 ISO (5.31 GB) from the IBM Fix Central website: https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=All&function=fixId&fixids=7.5.0-QRADAR-QRFULL-20240703190930&includeSupersedes=0&source=fc 


    IMPORTANT: QRadar Incident Forensics uses a unique ISO file to install 7.5.0 Update Package 9. See the Fix Central page for that product to download the correct file.

  2. Use SSH to log in to the Console as the root user.
  3. To run the ISO installer on the Console, type the following command: /media/cdrom/setup
    Important: Installing QRadar 7.5.0 Update Package 9 should take approximately 2 hours on a Console appliance.

  4. Wait for the Console primary update to complete.

    Note: In QRadar 7.3.1 Patch 6, a kernel update was introduced to address issues with appliances failing to log in or list unit files. These issues could prevent the appliance from rebooting. This new kernel does not take effect until the appliance is rebooted. You might need to reboot your system manually for the kernel update to take effect.

    To work around this issue, you must perform a restart of the appliance. To do this, type the reboot command, or use Integrated Management Module (IMM).

Results

A summary of the ISO installation advises you of any issues. If there are no issues, you can now SSH to managed hosts and start the installer on each host to run the setup in parallel.

Part 2. Installation wrap-up

  1. After all hosts are updated, advise your team that they must clear their browser cache before logging in to QRadar SIEM.
  2. To unmount the /media/cdrom directory on all hosts, type:
    /opt/qradar/support/all_servers.sh -C -k “umount /media/cdrom"
  3. Delete the ISO from all appliances.
  4. If you use WinCollect agents version 7.2.6 or latest, you must reinstall the SFS file on the QRadar Console. This is due to issues where the ISO replaces the SFS on the Console with WinCollect 7.2.5 as described here: APAR IV96364. To install the latest WinCollect SFS on the Console, see the WinCollect release notes at WinCollect 101.
  5. Review any static routes or customized routing. As mentioned in the administrator notes, all routes were removed and will need to be reconfigured after the upgrade completes.
  6. Review any iptable rules that are configured to see if the interface names that have changed in QRadar 7.5.0 Update Package 9 due to the Red Hat Enterprise 7 operating system updates affect them. Update any iptables rules that use Red Hat 6 interface naming conventions.

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0"}]

Document Information

Modified date:
09 July 2024

UID

ibm17156497