IBM Support

Release of IBM Security QRadar Analyst Workflow 2.6.5

Release Notes


Abstract

This release provides usability enhancements and fixes several known issues.

Content

IBM® Security QRadar® Analyst Workflow provides new methods for filtering offenses and events, and graphical representations of offenses, by magnitude, assignee, and type. The improved offenses workflow provides a more intuitive method to investigate offenses to determine the root cause of an issue and work to resolve it. Use the built-in query builder to create AQL queries by using examples and saved or shared searches, or by typing plain text into the search field.
For more information about QRadar Analyst Workflow, see IBM Documentation.

Resolved issues

QRadar Analyst Workflow 2.6.5 resolves the following known issues:
  • Fixed an issue that produced an error when a query was started before the Events table was fully loaded.
  • Fixed an issue that displayed a filter as "undefined" when the user applied a filter on a table item.

What's new

QRadar Analyst Workflow 2.6.5 includes the following new features:
  • Added a toggle switch to the Event and Flow panels to hide or show empty custom properties.
  • UI design improvements.
  • Accessibility improvements.
  • Performance improvements.

Known issues

QRadar Analyst Workflow 2.6.5 contains the following known issue:

Supported browsers

You can use QRadar Analyst Workflow on any browser that is supported by QRadar. For a list of supported browsers, see: https://www.ibm.com/docs/SS42VS_7.4/com.ibm.qradar.doc/c_shi_browser_support.html

Installing or upgrading QRadar Analyst Workflow

These instructions describe the installation process for QRadar versions 7.4.0 to 7.4.3 GA only. For installations with QRadar version 7.4.3 Fix Pack 1 and later, QRadar Analyst Workflow is installed as a standard application by using extensions management.
For more information, see IBM Documentation.
Important: The QRadar Analyst Workflow requires root access to install. If you are using the command line to enable root user privileges, you must use the following command:
sudo su -
If you use sudo su (without -), full root access is not granted.
Procedure
  1. Download the latest QRadarAnalystWorkflow<x.x.x>.zip file from IBM Fix Central.
    See also the documentation for the QRadar Analyst Workflow on the IBM Security App Exchange.
  2. If you have custom SSL certificates, run the following commands in any directory on your QRadar Console:
    • update-ca-trust
    • systemctl restart docker
  3. If you have a previous installation directory, you must delete it before you extract the .zip file. For example, on the QRadar Console run the following command:
    rm -rf /store/qradar-ui /root/qradar-ui
  4. Copy QRadarAnalystWorkflow<x.x.x>.zip to your QRadar console by using the Linux "secure copy" (scp) command or an SFTP client.
    Secure copy example: scp QRadarAnalystWorkflow<x.x.x>.zip <QRadar host>:/<directory>
  5. To extract the QRadarAnalystWorkflow<x.x.x>.zip file on your QRadar console, type the following command:
    rm -rf /root/qradar-ui /store/qradar-ui && unzip tmp/QRadarAnalystWorkflow<x.x.x>.zip -d /store/qradar-ui
  6. On the QRadar console, run ./qradar-ui/start.sh, then wait for the logs to run.
  7. Access the QRadar Analyst Workflow by using one of the following methods:
    • In the navigation menu, click Try the New UI.
    • Access the new UI in your browser at https://<QRadar IP address>/console/ui.
  8. Delete QRadarAnalystWorkflow<x.x.x>.zip and the installation folder.
    Example: rm -fr /store/qradar-ui /tmp/QRadarAnalystWorkflow<x.x.x>.zip

Removing QRadar Analyst Workflow

To remove the QRadar Analyst Workflow, run the following commands:

/opt/ibm/si/conman/bin/conman-api-cli.sh remove -n ui

/opt/ibm/si/conman/bin/conman-api-cli.sh remove -n graphql


Document Information

Modified date:
22 December 2021

UID

ibm16524274