Sie sind auf Seite 1von 14

IBM Security QRadar

Version 7.2.0 Patch 1

Release Notes

Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 7.

Copyright IBM Corp. 2013 All Rights Reserved US Government Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

CONTENTS
1
IBM SECURITY QRADAR SIEM RELEASE NOTES
Installing QRadar 7.2.0 Patch 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Upgrading your QRadar installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Resolved issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

NOTICES AND TRADEMARKS


Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

IBM SECURITY QRADAR SIEM RELEASE NOTES


IBM Security QRadar SIEM 7.2.0 Patch 1 (7.2.614663) is a fix pack that resolves several known issues.
Installing QRadar 7.2.0 Patch 1 Upgrading your QRadar installation Resolved issues

Installing QRadar 7.2.0 Patch 1

If your deployment is installed with QRadar 7.1.0 MR2 (7.1.0.519185) or later, you can install QRadar 7.2.0 Patch 1 (7.2.614901). QRadar 7.2.0 Patch 1 is a cumulative update that contains the necessary software to upgrade and resolve issues for all QRadar products. QRadar patches QRadar patches are installed by using an SFS file to update your entire QRadar 7.2 deployment to the latest software version. The patch tests and verifies that the QRadar Console and managed hosts in your deployment can be updated to the latest version. If there is a software version conflict with a managed host in your deployment, the patch test advises you of the issue and bypasses the software update on the system that cannot be patched. The summary at the end of the patch update advises you of any managed hosts that were not updated. If the patch bypasses a managed host, you can attempt to run the patch on the individual host. Before you begin Before you begin, take the following precautions:

Back up your data before you begin any software upgrade. For more information about backup and recovery, see the IBM Security QRadar SIEM Administration Guide. Close all open QRadar sessions to avoid access errors in your log file. Verify that all changes are deployed on your appliances. The patch cannot install on appliances that have changes that are not deployed.

IBM Security QRadar Release Notes

IBM SECURITY QRADAR SIEM RELEASE NOTES

About this task If your Secure Shell (SSH) session is disconnected while the upgrade is in progress, the upgrade continues. When you reopen your SSH session and rerun the installer, the patch installation resumes. Procedure
Step 1 Download the 720_QRadar_patchupdate-7.2.0.614901.sfs patch from the

IBM Fix Central website. http://www.ibm.com/support/fixcentral/


Step 2 Using SSH, log in to your system as the root user.

User name: root Password: <password>


Step 3 Copy the patch file to the /tmp directory of your QRadar Console.

If space in /tmp is limited, copy the patch file to another location with sufficient space.
Step 4 Create the /media/updates directory:

mkdir -p /media/updates
Step 5 Change to the directory where you copied the patch file.

For example, cd /tmp


Step 6 Type the following command to mount the patch file to the /media/updates

directory:
mount -o loop -t squashfs 710_QRadar_patchupdate-7.2.0.<build_number>.sfs /media/updates/
Step 7 Type the following command to run the patch installer:

/media/updates/installer

The first time that you run the patch installer script, you can expect a delay before the first patch installer menu is displayed.
Step 8 Using the patch installer, select Patch All.

The patch all option updates the software on all systems in your deployment, except secondary high-availability (HA) hosts. The primary HA appliances are patched and they are responsible for replicating data and patch updates to the secondary HA appliance. If you do not select the Patch All option, you must run the patch on each appliance in your deployment. You must patch your appliances in the following order:
1 Console 2 Event Processors 3 Event Collectors 4 Flow Processors 5 Flow Collectors IBM Security QRadar Release Notes

Upgrading your QRadar installation

Upgrading your QRadar installation

If your QRadar deployment is installed with QRadar 7.0 (MR5) or earlier software version, you must upgrade your system to QRadar 7.1 MR2 using an ISO file and then apply QRadar 7.2.0 Patch 1. For more information on upgrading your system, see the IBM Security QRadar SIEM 7.1.0 MR2 Upgrade Guide. This IBM Security QRadar SIEM 7.1.0 MR2 Upgrade Guide is available on the IBM support website: http://www.ibm.com/support.

Resolved issues

The following issues are resolved in QRadar 7.2.0 Patch 1: Bug 48203: System and License Management window no longer displays a refresh browser error message Previously, on the Admin tab System and License Management tab, a refresh browser error message might occur if user deployed changes while a managed host was being added to the deployment. For more information, see APAR IV42506. Bug 48942: Microsoft patch (KB2661254) no longer prevents access to the System Setup window Previously, the System Setup window might not display as intended when the desktop system that you use to access the QRadar SIEM user interface included Microsoft patch KB2661254 patch. For more information, see APAR IV42396. Bug 49128: Missing or corrupted host tokens no longer prevent the system from deploying changes Previously, after a software update, a missing or corrupted host token might prevent the Console from deploying changes to a managed host. For more information, see APAR IV45988. Bug 49457: Tomcat and hostcontext no longer fail to start as expected due to the global configuration password Previously, in the Global Configuration Password field, if your password ended with a special character, core services might not start as expected. For more information, see APAR IV42445.

IBM Security QRadar Release Notes

IBM SECURITY QRADAR SIEM RELEASE NOTES

Bug 49669: Flow data transfer rates might not display the expected value in a search result Previously, on the Network Activity tab, searches that calculate flow transfer rates by using "per second" as the interval do not return the expected result. The issue is due to the calculation between the start and end time of the flow record. For more information, see APAR IV46084. Bug 49707: QFlow Collector appliances do not create SSH tunnels as expected Previously, if a QFlow Collector used encryption tunnel to provide flow data to an Event Collector, the SSH tunnel required might not be created properly. For more information, see APAR IV40512. Bug 51563: Special character variables in a data request might cause the data request to behave unexpectedly Previously, if an application data request contains special characters, then the data transfer might behave unexpectedly. This update validates special characters in the data request. For more information, see APAR IV46189. Bug 52340: QRadar Vulnerability Manager saved searches cause application errors Previously, an application error might display in QRadar Vulnerability Manager for searches that use either the Access complexity = High or Only include PCI failures = Yes parameters. The error message was also displayed if a quick search made use of the access complexity or PCI failures search parameters. Bug 52341: Duplicate vulnerabilities are displayed for the same scanned asset in QRadar Vulnerability Manager Previously, if you scan an asset twice, the detected vulnerabilities are displayed two times in the Found by scan profile or Found by scanner filter options. Bug 52342: QRadar Log Manager fails to show the Vulnerability Management dashboard items Previously, if you apply a QRadar Vulnerability Manager license to QRadar Log Manager, the Vulnerability Management menu items are not displayed when you click the Add Item list on the toolbar. Bug 52343: Systems with a QRadar Vulnerability Manager license applied do not correctly deploy managed hosts or scanners Previously, after you attempt to add a managed host or scanner to your deployment, neither the managed hosts nor the scanners are correctly deployed in the deployment editor.

IBM Security QRadar Release Notes

Resolved issues

Bug 53159: QRadar Vulnerability Manager searches by IPv4 address filter do not return the expected results Previously, on the Vulnerabilities tab, searches that use an IPv4 Address filter that specify a CIDR range in the search field do not return vulnerability result data. Bug 53332: QRadar Vulnerability Manager discovery scans take longer to complete than intended Previously, scan profiles in QRadar Vulnerability Manager that use the Discovery Scan option scans individual ports for each discovered host. This resulted in discovery scans that take longer to complete than intended. Bug 53342: QRadar Vulnerability Manager scan profiles do not accept customized protocol and port scan options Previously, QRadar Vulnerability Manager scan profiles did not override the pre-defined protocol and port when customized values were configured in the How To Scan pane. Bug 53364: Vulnerability Management Dashboard does not display for non-administrator users of QRadar Vulnerability Manager Previously, the Vulnerability Management Dashboard did not display properly for users that were not administrators.

IBM Security QRadar Release Notes

NOTICES AND TRADEMARKS

Whats in this appendix:


Notices Trademarks

This section describes some important notices, trademarks, and compliance information.

Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 19-21, Nihonbashi-Hakozakicho, Chuo-ku Tokyo 103-8510, Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:

IBM Security QRadar Release Notes

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 170 Tracer Lane, Waltham MA 02451, USA Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the
IBM Security QRadar Release Notes

Trademarks

capabilities of non-IBM products should be addressed to the suppliers of those products. All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. If you are viewing this information softcopy, the photographs and color illustrations may not appear.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information at http://www.ibm.com/legal/copytrade.shtml. The following terms are trademarks or registered trademarks of other companies: Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

IBM Security QRadar Release Notes

Das könnte Ihnen auch gefallen