IBM Support

Interim Fix 02 - For QRadar 7.2 MR1 Patch 2

Release Notes


Abstract

Installation instructions for interim fix 02 of IBM Security QRadar 7.2 MR1 Patch 2 (7.2.1.734536).

Content

Interim fixes are cumulative updates intended to resolve specific APAR issues for the latest software version of QRadar. Interim fix 02 resolves issues identified in the table as IF02, plus any fixes released in interim fix 01 (IF01). If your deployment is installed with IBM Security QRadar 7.2 MR1 Patch 2 (7.2.1.734536), then this interim fix can be applied to your system.

Issues resolved in interim fix 02
Number | Description | Originally fixed in
IV54733 | THE RULES WIZARD AND VA SCANNERS WINDOWS MIGHT TAKE A SIGNIFICANT AMOUNT OF TIME TO START IN THE USER INTERFACE. | IF02
IV55035 | MULTIPLE VULNERABILITIES IN IBM QRADAR SIEM (CVE-2014-0838, CVE-2014-0835, and CVE-2014-0836). | IF01
IV55222 | SEARCHES THAT INCLUDE SPECIAL CHARACTERS IN A CUSTOM PROPERTY THAT HAVE BEEN INDEXED MIGHT DISPLAY AN APPLICATION ERROR. | IF01
IV55226 | LOG SOURCES THAT GENERATE IDENTITY EVENTS MIGHT NOT CREATE OR UPDATE ASSET INFORMATION PROPERLY IN THE SYSTEM. | IF01

Before you begin

Ensure that you take the following precautions:

  • Back up your data before you begin any software upgrade. For more information about backup and recovery, see the IBM Security QRadar Administration Guide.
  • To avoid access errors in your log file, close all open QRadar sessions.
  • The interim fix for QRadar cannot install on a managed host that is at a different software version from the Console. All appliances in the deployment must be at the same software revision to patch the entire deployment.
  • Verify that all changes are deployed on your appliances.
  • The patch cannot install on appliances that have changes that are not deployed.

About this task

Interim fixes are software updates intended to fix a small number of known software issues in your QRadar deployment. The interim fixes restart services, which halts event and flow collection in your deployment until the installation completes.


Procedure

  1. Download interim fix 7.2.1-QRADAR-QRSIEM-770275INT from the IBM Fix Central website.
  2. Using SSH, log in to your system as the root user.
  3. Copy the interim fix to the /tmp directory on the QRadar Console. Note: If space in the /tmp directory is limited, copy the interim fix to another location that has sufficient space.
  4. To create the /media/updates directory, type the following command: mkdir -p /media/updates
  5. Change to the directory where you copied the patch file. For example, cd /tmp
  6. To mount the patch file to /media/updates, type the following command: mount -o loop -t squashfs 721_QRadar_interimfix-7.2.1.734536-IF02-770275.sfs /media/updates/
  7. To run the patch installer, type the following command: /media/updates/installer
    Note: The first time that you run the interim fix, there might be a delay before the installation menu is displayed.
  8. Using the patch installer, select all.

The all option updates the software on all systems in your deployment. In HA deployments, primary HA appliances are patched and replicate the patch update to the secondary HA appliance.

NOTE: If your Secure Shell (SSH) session is disconnected while the installation is in progress, the installation continues. When you reopen your SSH session and rerun the installer, the current state of the installation is displayed.


Results

A summary of the interim fix installation advises you of any managed hosts that were not updated. If the interim fix fails to update a managed host, you can copy the interim fix to the host and run the installation locally.

For specific questions or concerns about updating your system, contact IBM customer support or post a question in the IBM developerWorks forum: IBM developerWorks - QRadar forum.


Document Information

Modified date:
10 May 2019

UID

swg27041375