IBM Support

Release of QRadar 7.5.0 Update Package 12 ISO (2021.6.12.20250509154206)

Release Notes


Abstract

A list of the installation instructions, new features, and resolved issues for the release of IBM Security QRadar 7.5.0 Update Package 12 (7.5.0-QRADAR-QRFULL-2021.6.12.20250509154206). These release notes apply to QRadar, QRadar Vulnerability Manager, QRadar Risk Manager, and QRadar Network Insights. These instructions are intended for administrators who want to install QRadar 7.5.0 Update Package 12 by using an ISO file.

Content

What's new

Predictive Parsing Enhancements for Custom Event Properties
QRadar SIEM Predictive Parsing for Custom Event Properties

Enhanced Search Progress Visualization
The search visualization on the Log and Network Activity screen has been improved by replacing the previous circling animation with a dynamic progress bar. This update includes an estimated time to completion, calculated based on elapsed time and remaining percentage, providing users with a clearer view of the search execution speed.

Search Performance Improvement in Multi-Tenant Deployments with Reference Set Filters
Search performance is increased by up to 100 times or more in QRadar deployments with multi-tenancy, where Reference Set filters are used in search.

Enhanced Search Progress Visualization
The search visualization on the Log and Network Activity screen has been improved by replacing the previous circling animation with a dynamic progress bar. This update includes an estimated time to completion, calculated based on elapsed time and remaining percentage, providing users with a clearer view of the search process.

Add Creation Date to the offense summary page and the offense search page
In previous versions of QRadar, the offense summary page would show the offense start date, which is tied to the first event related to the offense. We have also added the creation date, which indicates when the offense was created, typically after the start time.

Enhanced Log Search by Event Collector Name
Searching logs by event collector is now simplified by allowing the use of the new Event Collector field and the previous Event Collector ID in the user interface. This update offers a more intuitive search experience with an auto-populated list of Event Collector IDs dropdown of compatible values and operators, aligning with the search functionality used for other host criteria like Event Processor.

Improved Scattering with Absolute Space Thresholds on larger Data Nodes
Data Scattering, the process of distributing data across Data Nodes, has been improved to use absolute space thresholds, optimizing disk space utilization on larger Data Nodes. This change ensures more efficient disk space management by comparing available free space with calculated thresholds, allowing for storing more data without risk of shutdown.

Streamlined QRadar UI with Key Enhancements
Enhanced QRadar UI with updates to Auto Update, Network Hierarchy, Backup & Recovery, Index Management, Aggregated Data Management, System Health, System Settings, QVM Configuration, Routing Rules, Custom Offense Close Reasons, and Forwarding Destinations applications within the Admin tab.

The package DSM DSM-JuniperJunOS-7.5-20240628064229.noarch has been added.
To enhance the customer experience, this package should be pre-installed to ensure log parsing works seamlessly for Juniper customers, especially those in air-gapped environments where automatic updates are not available.
 
Updated Protocols: Common, UniversalCloudRESTAPI, TLSSyslog, BoxRESTAPI, and CertificateUtilsCommon
These protocols have been enhanced to ensure compatibility with Java 11 by implementing the necessary updates to meet Java 11 compliance requirements.
 
Updated Default AutoUpdate Version to 9.21
The enhanced AutoUpdate version 9.21 is now set as the default to provide support for Java 11 and PostgreSQL 16.
 
Released New DSM for Storage Protect: https://www.ibm.com/docs/en/dsm?topic=storage-protect 
 
Released New DSM for Azure Monitor Agent(AMA) for Linux: https://www.ibm.com/docs/en/dsm?topic=configuration-microsoft 

Released New Palo Alto Firewall PAN-OS Support
Parsing capabilities have been extended to support PAN-OS version 11.0, including DNS Security, FILE, Tunnel, and URL logs.

Protocol Cisco Duo Pagination Enhancement
Resolved an issue in the CiscoDuo Protocol where events were missed between two recurrences when the response contained more events than the limit defined by Cisco. This update implements pagination to ensure all events between recurrences are processed.

Protocol Salesforce Enhancement
Enhanced the Salesforce REST API Protocol to optimize user API calls to the Salesforce account. This update ensures that both active and inactive accounts are retrieved. Administrators with automatic updates disabled need to manually install the Salesforce REST API Protocol RPM on the Console to enable this feature.
 
Protocol IBM Security QRadar EDR Enhancement
Enhanced the IBM Security QRadar EDR REST API Protocol to retrieve more detailed alert information by calling the events endpoint.

Resolved issues

The Known Issues listed below are resolved in QRadar 7.5.0 Update Package 12. For a complete list of Known Issues, see Known Issues. The Known Issues search page allows users to search for Known Issues by version or status.

  • DT149076  IJ40242: Add host fails if an entry exists for the host in the known_hosts file and that entry is valid
  • DT396625 Ingress restarted during full deploy, not prompting user
  • DT418741 Upgrading to 7.5.0 UP10 fails with: Error running 14: /media/updates/scripts/QRADAR-20338.install
  • DT425142 qradarca-monitor restarts services every hour when the expiring cert is skipped for regeneration
  • DT423580 Asset is not getting updated or deleted, and creates duplicate assets
  • DT424536 The "Show AQL" generates incorrect AQL with missing parentheses '(' , ')'

About this installation

These instructions are intended to assist you when you install QRadar 7.5.0 Update Package 12 by using an ISO file. This ISO can install QRadar, QRadar Risk Manager, QRadar Vulnerability Manager, and QRadar Network Insights products to version 7.5.0 Update Package 12.

See QRadar: Software update checklist for administrators for a list of steps to review before you update your QRadar deployment.
 

Installing the QRadar 7.5.0 ISO Update Package 12

These instructions guide you through the process of installing QRadar 7.5.0 Update Package 12.

Important: You can use the verify signature tool to validate the integrity of your downloads from IBM Fix Central. For more information, see How to verify downloads from IBM Fix Central are trusted and code signed.

Procedure

  1. Download the QRadar 7.5.0 Update Package 12 ISO (5.31 GB) from the IBM Fix Central website:  https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Security+QRadar+Vulnerability+Manager&fixids=7.5.0-QRADAR-QRFULL-20250509154206&source=SAR


    IMPORTANT: QRadar Incident Forensics uses a unique ISO file to install 7.5.0 Update Package 12. See the Fix Central page for that product to download the correct file.

  2. Use SSH to log in to the Console as the root user.

  3. To run the ISO installer on the Console, type the following command: /media/cdrom/setup
    Important: Installing QRadar 7.5.0 Update Package 12 should take approximately 2 hours on a Console appliance.

  4. Wait for the Console primary update to complete.

    Note: In QRadar 7.3.1 Patch 6, a kernel update was introduced to address issues with appliances failing to log in or list unit files. These issues could prevent the appliance from rebooting. This new kernel does not take effect until the appliance is rebooted. You might need to reboot your system manually for the kernel update to take effect.

    To work around this issue, you must perform a restart of the appliance. To do this, type the reboot command, or use Integrated Management Module (IMM).

Results

A summary of the ISO installation advises you of any issues. If there are no issues, you can now SSH to managed hosts and start the installer on each host to run the setup in parallel.

Installation wrap-up

  1. After all hosts are updated, advise your team that they must clear their browser cache before logging in to QRadar SIEM.
  2. To unmount the /media/cdrom directory on all hosts, type:
    /opt/qradar/support/all_servers.sh -C -k “umount /media/cdrom"
  3. Delete the ISO from all appliances.
  4. If you use WinCollect agents version 7.2.6 or later, you must reinstall the SFS file on the QRadar Console. This is due to issues where the ISO replaces the SFS on the Console with WinCollect 7.2.5 as described here: APAR IV96364. To install the latest WinCollect SFS on the Console, see the WinCollect release notes at WinCollect 101.
  5. Review any static routes or customized routing. As mentioned in the administrator notes, all routes were removed and will need to be reconfigured after the upgrade is complete.
  6. Review any iptable rules that are configured to see if the interface names have changed in QRadar 7.5.0 Update Package 12 due to the Red Hat Enterprise 7 operating system updates affecting them. Update any iptables rules that use Red Hat 6 interface naming conventions.

Security Bulletin

Security Bulletin:  IBM QRadar SIEM contaIns multiple vulnerabilities

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0"}]

Document Information

Modified date:
26 June 2025

UID

ibm17232508

Page Feedback