Release Notes
Abstract
A list of the installation instructions, new features, and resolved issues for the release of QRadar Incident Forensics 7.3.2 Patch 3 (7.3.2.20190705120852) ISO. These instructions are intended for administrators who want to install QRadar Incident Forensics 7.3.2 Patch 3 by using an ISO file.
Content
Known Issues
| Product | Component | Number | Description |
|---|---|---|---|
| QRADAR | UPGRADES | IJ17937 | LOGIN ACCESS TO QRADAR CAN BE RESTRICTED FROM LDAP/AD ENVIRONMENTS DUE TO DIFFERENCES IN DOMAIN REALMS |
| QRADAR | RULES | IJ18032 | EC CAN FAIL TO PROCESS/PARSE EVENTS AFTER PATCHING TO 7.3.2 P3 IF YOU HAVE PRE-EXISTING ROUTING RULES CONFIGURED |
Resolved issues
For a list of APAR links of resolved issues in QRadar Incident Forensics 7.3.2 Patch 3, see Authorized Program Analysis Reports.
Some APAR links might take 24 hours to display properly after a software release is posted to IBM Fix Central.
About this installation
These instructions are intended to assist you when you install QRadar Incident Forensics 7.3.2 Patch 3 by using an ISO file. These instructions inform you how to update your deployment to the latest version. For more information, see the QRadar Incident Forensics Installation Guide .
The QRadar Incident Forensics 7.3.2 Patch 3 ISO (7.3.2.20190705120852) can install QRadar Incident Forensics 7.3.2 Patch 3. However, this document does not cover all of the installation messages and requirements, such as changes to memory requirements or browser requirements for QRadar Incident Forensics.
See Preparing for the upgrade for a list of steps to review before updating your QRadar deployment.
Part 1. Installing the QRadar Incident Forensics 7.3.2 Patch 3 ISO
These instructions guide you through the process of installing QRadar Incident Forensics 7.3.2 Patch 3.
Procedure
- Download the QRadar Incident Forensics 7.3.2 Patch 3 ISO (5.5 GB) from the IBM Fix Central website: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Security+QRadar+Incident+Forensics&fixids=7.3.2-QRADAR-QIFFULL-20190705120852
- Use SSH to log in to the Console as the root user.
NOTE: When you log in, the SSH session should display 7.3.2 as the Console's version. This is verification that the QRadar Console has been updated to 7.3.2, which is required before you update your Incident Forensics appliance. - Open an SSH session to the QRadar Incident Forensics appliance.
- To run the ISO installer, type the following command: /media/dvd/setup
Important: Installing QRadar Incident Forensics 7.3.2 Patch 2 can take 1 to 2 hours to complete on the appliance.
- Wait for the installation to complete.
A summary of the ISO installation advises you of any issues. If there are no issues, you can now SSH to managed hosts and start the installer on each host to run the setup in parallel.
Part 2. Installation wrap-up
- After all hosts are updated, send an email to your team to inform them that they will need to clear their browser cache before they log in to the QRadar Incident Forensics SIEM interface.
- To unmount the /media/dvd directory, type: umount /media/dvd
- Delete the ISO from the appliance.
- Review any static routes or customized routing. As mentioned in the administrator notes, all routes were removed and will need to be reconfigured after the upgrade completes.
- Review any iptable rules that are configured should be reviewed as the interface names have changed in QRadar Incident Forensics 7.3.2 Patch 2 due to the Red Hat Enterprise 7 operating system updates. Update any iptables rules that use Red Hat 6 interface naming conventions.
Where do I find more information?
Was this topic helpful?
Document Information
Modified date:
31 July 2019
UID
ibm10959867