IBM Support

Release of QRadar Network Packet Capture 7.2.8 Patch 5 (7.2.8.60)

Release Notes


Abstract

A list of the installation instructions for the release of QRadar Network Packet Capture 7.2.8 Patch 5 (7.2.8.60). This software is intended for Packet Capture appliances at 7.2.8 only and not for 7.3.X versions.

Content

About this upgrade

 

These instructions are intended to assist administrators with updating appliances to QRadar Network Packet Capture 7.2.8 Patch 5 (7.2.8.60) using an ISO file. This ISO can update QRadar Network Packet Capture appliances or complete a fresh installation. These instructions cover upgrade procedures.

Before you upgrade


Ensure that you take the following precautions:
 

  • These instructions will upgrade existing QRadar Network Packet Capture installations. If you want to do a new install or reinstall, see the QRadar Network Packet Capture Installation Guide.
  • This procedure uses IBM's integrated management module (IMM). This interface must be available/configured to mount the ISO file to complete the update.
  • This update must be completed during a scheduled maintenance window. While the system is updating, Network Packet Captures are not recorded as services are not started.
  • Ensure that you are logged in to the QRadar Network Packet Capture appliance as an administrator.
  • Your system meets the minimum hardware requirements.
  • A keyboard and monitor are connected by using the VGA connection.
 

Completing the Install

 


Required files
Download the QRadar Network Packet Capture 7.2.8 Patch 5 (7.2.8.60) ISO from IBM Fix Central: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+QRadar+Network+Packet+Capture+Appliance&fixids=7.2.8-QRadar-NETPCAP-Upgrade-60&function=fixId&parent=IBM%20Security


Procedure

  1. Log in to the QRadar Network Packet Capture IMM interface using your web browser.
  2. Click Remote Control.
  3. To start the Remote Control session, click Active X for Internet Explorer or Java for all other Browsers.
  4. Click Start Remote Control in Single User Mode.
    NOTE: You should always use single user mode for remote connections for updates.
  5. Verify that the Allow others to request my remote session disconnect check box is unchecked. It is not recommended to allow other users to request the active session for firmware updates.
  6. From the menu, select Virtual Media > Activate.
  7. From the menu, select Virtual Media > Select Devices to Mount.
  8. From the Devices window click Add Image.
  9. Select the QRadarPCAP-upgrade-7.2.8-60.iso image and click Open.
  10. Select the option with your ISO, such as CD/DVD - QRadarPCAP-upgrade-7.2.8-60 and verify that the Mapped check box is selected.
  11. Click Mount Selected.
  12. Reboot the appliance.
  13. When the splash menu is displayed, press <F12> Select Boot device.
  14. In the Boot Devices Manager window, select the Upgrade Pandion option from the boot menu to begin the update.
  15. Wait for the installation to complete.
  16. After the QRadar Network Packet Capture appliance is updated, restart the appliance when prompted.

 

Installation wrap-up

After you have completed the upgrade, log in to IMM and select Virtual Media > Unmount All.

Issues resolved in QRadar Network Packet Capture 7.2.8 Patch 5
Product Component Number Description
QRADAR NETWORK PACKET CAPTURE SECURITY BULLETIN CVE-2018-12126 IBM QRadar Network Packet Capture is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilites (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
QRADAR NETWORK PACKET CAPTURE SECURITY BULLETIN CVE-2019-11477 Linux Kernel as used in IBM QRadar Network Packet Capture is vulnerable to denial of service (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
Where do I find more information?

[{"Product":{"code":"SSUJWP","label":"IBM Security QRadar Packet Capture"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Installation","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"All Editions"}]

Document Information

Modified date:
19 September 2019

UID

ibm11074068