IBM Support

QRadar: Firmware list for xSeries appliances

Release Notes


Abstract

Administrators looking for the latest firmware downloads can review this page to locate firmware updates for QRadar appliances. The installation instructions include a direct download link to the firmware from IBM Fix Central.

Content

This page is a landing page for content about firmware updates for QRadar appliances. Each table includes links for administrators to navigate to the release notes. The release notes for the firmware include tabs, typically an About tab to describe the firmware update and an Installation tab with the procedure for administrators. Every release note includes a download link for IBM Fix Central to download the required firmware update.

Quick links:

 
 

Recent releases (change list)

  • 26 January 2024: Added M7 V3.0 & 4.0 and M7 firmware links.
  • 01 June 2023: Added M7 V2.1 and M6 firmware V9.0.0 links.
  • 22 November 2022: Added M5 firmware V9.0.0.
  • 7 November 2022: Added M6 firmware V7.1.0.
  • 6 June 2022: Added M6 firmware V6.0.0.
  • 13 December 2021: Added M6 firmware V5.0.0 and M5 V8.0.0 release notes.
  • 1 April 2021: Added M6 firmware release V3.1.0 and M5 V6.0.0 release notes for IMM (remote) and USB (on-prem) installs.
  • 6 October 2020: Added M6 firmware release V2.0.0 for IMM (remote) and USB (on-prem) installs.
  • 29 June 2020: Added M4 V7.0.0 firmware for IMM (remote) and USB (on-prem) installs.
  • 26 May 2020: Added M6 V1.1.0 firmware for xClarity ISO (remote) and USB (on-prem) installs.
  • 5 May 2020: Added M5 V5.0.0 firmware for IMM (remote) and USB (on-prem) installs.
  • 5 November 2019: Release of M4 firmware version 6.0 for IMM (remote) and USB (on-prem) installs
  • 26 September 2019: Release of M5 firmware version 4.0.0 for IMM (remote) and USB (on-prem) installs
  • 10 April 2019: Release of M5 firmware version 3.3.0 for IMM (remote) and USB (on-prem) installs
  • 15 March 2019: Added a special notice for M5 v3.2.1 firmware for a Samsung SSD drive issue reported in the field.
  • 22 January 2019: Added links to newly published IBM Security Bulletins for M3 v2.2.0, M4 v5.2.0, and M5 v3.2.1 firmware.
  • 13 January 2019: Added the release of new M3 (v2.2.0) and M4 (v5.2.0) firmware versions.


 

About 1U or 2U form factor appliances


QRadar 1U form factor appliances: 12xx, 13xx, 15xx, 21xx


QRadar 2U form factor appliances: 16xx, 17xx, 18xx, 31xx

 

Upgrade progression for QRadar appliance firmware

 
Administrators who want to upgrade their firmware must install the latest firmware version available. If you attempt to install the latest firmware package and you cannot proceed due to a dependency or missing prerequisite version, the BoMC utility displays errors for both IMM and uEFI. Anytime you experience an error upgrading firmware contact QRadar Support for assistance.
 
M7 firmware releases
What version do I install to update?
4.0.0 Latest version
3.0.0 Install firmware 4.0.0
2.1.0 Install firmware 4.0.0
1.0.0 (Factory release) Install firmware 2.1.0
M6 firmware releases
What version do I install to update?
9.0.0 Latest version
7.1.0 Install firmware 9.0.0
6.0.0 Install firmware 9.0.0
5.0.0 Install firmware 9.0.0
3.1.0 Install firmware 9.0.0
2.0.0 Install firmware 9.0.0
1.1.0 (Factory release) Install firmware 9.0.0
M5 firmware releases
What version do I install to update?
9.0.0 Latest version
8.0.0 Install firmware 9.0.0
6.0.0 Install firmware 9.0.0
5.0.0 Install firmware 9.0.0
4.0.0 Install firmware 9.0.0
3.3.0 Install firmware 9.0.0
3.2.1 Install firmware 9.0.0
3.0.2 Install firmware 9.0.0
2.1.0 Install firmware 9.0.0
1.0 (Factory release) Install firmware 9.0.0
M4 firmware releases
What version do I install to update?
7.0.0 Latest version
6.0.0 Install firmware 7.0.0
5.2.0 Install firmware 7.0.0
5.0 (USB) & 5.0.1 (ISO/IMM) Install firmware 7.0.0
4.1.0 (2U) & 4.0.1 (1U) Install firmware 7.0.0
3.0.0 Install firmware 7.0.0
2.0.3 Install firmware 7.0.0
1.1 Install firmware 7.0.0
1.0 (Factory release) Install firmware 7.0.0

 
M3 firmware releases
What version do I install to update?
2.2.0 Latest version
2.1.0 Install firmware 2.2.0
1.0 (Factory release) Install firmware 2.2.0
 

Where to find CVE information for firmware updates

The release notes include a list of CVEs resolved by the firmware update. In older firmware releases, a change or text file might be attached to the release notes. For more information, see:

 

Installation types: remote (IMM) versus on-prem (USB)

The latest firmware updates available use the Integrated Management Module (IMM) to upgrade firmware as remote management interfaces are available to most administrators. Administrators who want to install firmware on remote appliances must first install the IMM firmware with the uxz file, then mount and boot from the ISO file to install other firmware updates. Remote updates allow administrators more flexibility with their appliances, where the USB installer is intended for on-prem (local) appliance updates. The latest versions of USB firmware releases use a .IMG file and bootable USB key utilities, such as Rufus to create a USB key that can be used to update firmware on the QRadar appliance. Not all administrators have a Windows workstation to create the USB drives or allow USB drives in their data centers, so two upgrade types are provided for update flexibility. There are some older versions of firmware that use the IBM Bootable Media Creator, instead of .IMG files and the Rufus to create bootable USB drives. The following table outlines Windows operating systems that can be used to create a bootable USB drive for each firmware version. The newest method of creating a bootable USB drive is to use an IMG file and Rufus where the older method used the IBM Bootable Media Creator utility. Bootable media tools might include Windows operating system restrictions. Administrators who do not have access to a Windows workstation can use the IMM instructions to remotely update their QRadar xSeries appliance.


Bootable USB drive software and Windows OS version support

M7 Firmware
USB installation type Supports Windows XP/Vista
Supports Windows 7?
Supports Windows 8/10?
4.0.0 Not available Not available Not available Not available
3.0.0 Not available Not available Not available Not available
2.1.0 IMG file No Yes Yes


 

M6 Firmware
USB installation type Supports Windows XP/Vista
Supports Windows 7?
Supports Windows 8/10?
9.0.0 IMG file No Yes Yes
7.1.0 IMG file No Yes Yes
6.0.0 IMG file No Yes Yes
5.0.0 IMG file No Yes Yes
3.1.0 IMG file No Yes Yes
2.0.0 IMG file No Yes Yes
1.1.0 IMG file No Yes Yes


 

M5 Firmware
USB installation type Supports Windows XP or Vista
Supports Windows 7?
Supports Windows 8 or 10?
9.0.0 IMG file No Yes Yes
8.0.0 IMG file No Yes Yes
6.0.0 IMG file No Yes Yes
5.0.0 IMG file No Yes Yes
4.0.0 IMG file No Yes Yes
3.3.0 IMG file No Yes Yes
3.2.1 IMG file No Yes Yes
3.0.2 IBM Bootable Media Creator No Yes Yes
2.1.0 IBM Bootable Media Creator No Yes Yes
1.0 (Factory) IBM Bootable Media Creator No Yes Yes
M4 Firmware
USB installation type Supports Windows XP or Vista
Supports Windows 7?
Supports Windows 8 or 10?
7.0.0 IMG file No Yes Yes
6.0.0 IMG file No Yes Yes
5.2.0 IMG file No Yes Yes
5.0 & 5.0.1 IBM Bootable Media Creator No Yes No
4.1.0 (2U) & 4.0.1 (1U) IBM Bootable Media Creator No Yes No
3.0.0 IBM Bootable Media Creator No Yes No
2.0.3 IBM Bootable Media Creator No Yes No
1.1 IBM Bootable Media Creator No Yes No
1.0 (Factory) IBM Bootable Media Creator No Yes No
   
M3 Firmware
USB installation type Supports Windows XP or Vista
Supports Windows 7?
Supports Windows 8 or 10?
2.2.0 IMG file No Yes Yes
2.1.0 IBM Bootable Media Creator No Yes Yes
1.0 IBM Bootable Media Creator No Yes No

M7 firmware version list for QRadar appliances

Administrators can use the table to locate the proper firmware for their M7 appliance. This firmware bundle can be installed on any QRadar M7 appliance and applies to both 1U and 2U form factors. Release notes are updated to include new instructions for the xClarity software for users who complete remote ISO installations of their QRadar appliances.

 
Firmware version Server type Machine type Form factor Appliances Installation instructions
4.0.0 SR630 V2
SR650 V2
7Z71
7Z73
1U
2U
1U
IBM QRadar Network Insights Appliance 1901 (MTM 4723-N9C)
IBM QRadar XX05 1U (MTM 4723-Q7B)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 1U (MTM 4723-Q9C)
IBM QRadar XX48 1U (MTM 4793-Q8D)

2U
IBM QRadar Network Insights 1920 2U (MTM 4723-N2A)
IBM QRadar Network Insights 1940 2U (MTM 4723-N4B)
IBM QRadar XX29 M7 appliance 2U (MTM 4723-Q9A)
IBM QRadar Incident Forensics Appliance 2U (MTM 4723-F1A)
XCC / ISO file (remote update instructions)
 
Note: No USB option available at this time. Admistrators must use the ISO / XCC option to upgrade to M7 V4.0.0 firmware.
3.0.0 SR630 V2
SR650 V2
7Z71
7Z73
1U
2U
1U
IBM QRadar Network Insights Appliance 1901 (MTM 4723-N9C)
IBM QRadar XX05 1U (MTM 4723-Q7B)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 1U (MTM 4723-Q9C)
IBM QRadar XX48 1U (MTM 4793-Q8D)

2U
IBM QRadar Network Insights 1920 2U (MTM 4723-N2A)
IBM QRadar Network Insights 1940 2U (MTM 4723-N4B)
IBM QRadar XX29 M7 appliance 2U (MTM 4723-Q9A)
IBM QRadar Incident Forensics Appliance 2U (MTM 4723-F1A)
XCC / ISO file (remote update instructions)
Note: No USB option available at this time. Admistrators must use the ISO / XCC option to upgrade to M7 V4.0.0 firmware.
2.1.0 SR630 V2
SR650 V2
7Z71
7Z73
1U
2U
1U
IBM QRadar Network Insights Appliance 1901 (MTM 4723-N9C)
IBM QRadar XX05 1U (MTM 4723-Q7B)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 1U (MTM 4723-Q9C)
IBM QRadar XX48 1U (MTM 4793-Q8D)

2U
IBM QRadar Network Insights 1920 2U (MTM 4723-N2A)
IBM QRadar Network Insights 1940 2U (MTM 4723-N4B)
IBM QRadar XX29 M7 appliance 2U (MTM 4723-Q9A)
IBM QRadar Incident Forensics Appliance 2U (MTM 4723-F1A)
XCC / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M7 firmware version 2.1.0 updates UEFI, XCC, and mitigates several CVEs.

M6 firmware version list for QRadar appliances

Administrators can use the table to locate the proper firmware for their M6 appliance. This firmware bundle can be installed on any QRadar M6 appliance and applies to both 1U and 2U form factors. Release notes are updated to include new instructions for the xClarity software for users who complete remote ISO installations of their QRadar appliances.

 
Firmware version Server type Machine type Form factor Appliances Installation instructions
9.0.0 SR630 M6
SR650 M6
7X02
7X06
1U
2U
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
XCC / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M6 firmware version 9.0.0 updates UEFI, XCC, and mitigates several CVEs.
7.1.0 SR630 M6
SR650 M6
7X02
7X06
1U
2U
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
XCC / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M6 firmware version 7.1.0 updates UEFI, XCC, and mitigates several CVEs.
6.0.0 SR630 M6
SR650 M6
7X02
7X06
1U
2U
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
XCC / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M6 firmware version 6.0.0 updates UEFI, XCC, raid controller, and resolves reported CVEs.
5.0.0 SR630 M6
SR650 M6
7X02
7X06
1U
2U
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
XCC / ISO file (remote update instructions)
USB / IMG file (on-prem update instructions)

M6 firmware version 5.0.0 updates UEFI, XCC, raid controller, HDD software revisions, and resolves reported CVEs.
3.1.0 SR630 M6
SR650 M6
7X02
7X06
1U
2U
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
XCC / ISO file (remote update instructions)
USB / IMG file (on-prem update instructions)

M6 firmware version 3.1.0 updates UEFI, XCC, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.
2.0.0 SR630 M6
SR650 M6
7X02
7X06
1U
2U
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
XCC / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M6 firmware version 2.0.0 updates UEFI, XCC, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.
1.1.0 SR630 M6
SR650 M6
7X02
7X06
1U
2U
IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
XCC / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M6 firmware version 1.1.0 updates UEFI, XCC, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.

M5 firmware version list for QRadar appliances

Administrators can use the table below to locate the proper firmware for their M5 appliance. This firmware bundle can be installed on any QRadar M5 appliance and applies to both 1U and 2U form factors. If you are unsure or have questions, you can ask a question in our forums (http://ibm.biz/qradarforums) or contact support.

IMPORTANT: Administrators with M5 appliances and IMM version 3.70 might experience an issue where the firmware update can reset the IP address configuration or user configuration on the remote management device (IMM). Verify the IP address for your IMM before you update. If you need to reconfigure your IP address, you might need a Console, or crash cart connection to the appliance if you use IMM as a primary method to SSH or remote managed your QRadar appliance.

 
Firmware version Server type Machine type Form factor Appliances Installation instructions
9.0.0 (latest) x3550 M5
x3650 M5
MT 8871
MT 8869
1U
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q7C - IBM QRadar QFlow Collector 1202/1301
4412-Q8C - IBM QRadar QFlow Collector 1310   
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M5 firmware V9.0.0 resolves important CVEs, including an Intel Platform Update (IPU).
8.0.0 x3550 M5
x3650 M5
MT 8871
MT 8869
1U
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q7C - IBM QRadar QFlow Collector 1202/1301
4412-Q8C - IBM QRadar QFlow Collector 1310   
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M5 firmware V8.0.0 updates UEFI, IMM2, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.
6.0.0 x3550 M5
x3650 M5
MT 8871
MT 8869
1U
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q7C - IBM QRadar QFlow Collector 1202/1301
4412-Q8C - IBM QRadar QFlow Collector 1310
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M5 firmware V6.0.0 updates UEFI, IMM2, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.
5.0.0 x3550 M5
x3650 M5
MT 8871
MT 8869
1U
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q7C - IBM QRadar QFlow Collector 1202/1301
4412-Q8C - IBM QRadar QFlow Collector 1310
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M5 firmware v5.0.0 updates UEFI, IMM2, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.
4.0.0 x3550 M5
x3650 M5
MT 8871
MT 8869
1U
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q7C - IBM QRadar QFlow Collector 1202/1301
4412-Q8C - IBM QRadar QFlow Collector 1310 
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

M5 firmware v4.0.0 updates UEFI, IMM2, raid controller, HDD software revisions, and resolves several CVEs as outlined in the release notes.
3.3.0 x3550 M5
and
x3650 M5
MT 8871
and
MT 8869
1U
and
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)


This release updates several firmware packages and resolves the Samsung sizing issue on solid-state drives (SSDs): FRU 01GR787, Model number MZILS3T8HMLHV3. See: http://ibm.biz/qradarm5ssd for more information on this issue.
 
3.2.1 x3550 M5
x3650 M5
MT 8871
MT 8869
1U
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
IMM / ISO file (remote update instructions)

USB / IMG file (on-prem update instructions)

Important: New Security Bulletins are published to inform administrators of mitigations for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:
 
3.0.2 x3550 M5
x3650 M5
MT 8871
MT 8869
1U
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
ISO / IMM (remote update instructions)

NOTE: This update resolves multiple security vulnerabilities, including CVE-2017-5715 as reported in the firmware release notes. Currently, USB installs are not available. Administrators must use their Integrated Management Module (IMM) to update M5 xSeries firmware until further notice.
2.1.0 x3550 M5
x3650 M5
MT 8871
MT 8869
1U
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
ISO / IMM (remote update instructions)
1.0.0 (Factory)
x3550 M5
x3650 M5
MT 8871
MT 8869
1U
2U
4412-Q1E - IBM QRadar xx05 G3
4412-Q4D - IBM QRadar Event Collector 1501 G3
4412-F4Y - IBM QRadar Network Insights 1901
4412-Q2A - IBM QRadar xx29
4412-Q3B - IBM QRadar xx48
4412-F1A - IBM QRadar Incident Forensics
4412-F3F - IBM QRadar Network Insights 1920
4412-F2C - IBM QRadar Network Packet Capture
N/A (Factory install)
 
 

7. M4 firmware version list for QRadar appliances

Administrators can use the table to locate the proper firmware for their M4 appliance. Administrators can always install the latest firmware. Prerequisites are listed in the release notes, but administrators can attempt to update as multiple firmware versions are bundled to ensure that software can be updated. In situations where you do not meet an installation prerequisite, contact support for assistance (https://ibm.com/mysupport).

 
Firmware version Server type Machine type Form factor Appliances Installation type
7.0.0 (Latest) x3650 M4 BD 5466 2U QRadar 1400 Data Node (4380-Q1E)
QRadar Event Processor 1605 (4380-Q1E)
QRadar Flow Processor 1705 (4380-Q1E)
QRadar Event Processor 1628 (4380-Q2E)
QRadar Flow Processor 1728 (4380-Q2E)
QRadar 3105 (All-in-One) (4380-Q1E)
QRadar 3105 (Console) (4380-Q1E)
QRadar 3128 (All-in-One) (4380-Q2E)
QRadar 3128 (Console) (4380-Q2E)
QRadar Log Manager 3105 (All-in-One) (4380-Q1E)
QRadar Log Manager 3105 Console (4380-Q1E)
QRadar Log Manager 3128 (All-in-One) (4380-Q2E)
QRadar Log Manager 3128 (Console) (4380-Q2E)
QRadar Vulnerability Manager (4380-Q1E)
QRadar Risk Manager (4380-Q1E)
IBM Security QRadar Incident Forensics xx28 (4531-G1E)
IBM Security QRadar Packet Capture xx28 (4531-G2E)
IBM Security QRadar Packet Capture Data Node xx28 (4531-G3E)
ISO / IMM (remote update instructions)

USB Drive (local update instructions)

This release includes multiple CVE updates for UEFI, IMM2, and DSA security vulnerabilities.
7.0.0 (Latest) x3650 M4 BD 7914 1U QRadar 21xx (4380-Q1C)
QRadar Event Collector 1501 G2 (4380-Q2C)
QRadar QFlow Collector 1201 G2 (4380-Q2C)
QRadar QFlow Collector 1202 G2 (4380-Q3C)
QRadar QFlow Collector 1301 G2 (4380-Q4C)
QRadar QFlow Collector 1310 G2 (4380-Q5C)
QRadar QFlow Collector 1310 SR-C G2 (4380-Q5C)
QRadar QFlow Collector 1310 LR-C G2 (4380-Q6C)
ISO / IMM (remote update instructions)

USB Drive (local update instructions)

This release includes multiple CVE updates for UEFI, IMM2, and DSA security vulnerabilities.
6.0.0 x3650 M4 BD 5466 2U QRadar 1400 Data Node (4380-Q1E)
QRadar Event Processor 1605 (4380-Q1E)
QRadar Flow Processor 1705 (4380-Q1E)
QRadar Event Processor 1628 (4380-Q2E)
QRadar Flow Processor 1728 (4380-Q2E)
QRadar 3105 (All-in-One) (4380-Q1E)
QRadar 3105 (Console) (4380-Q1E)
QRadar 3128 (All-in-One) (4380-Q2E)
QRadar 3128 (Console) (4380-Q2E)
QRadar Log Manager 3105 (All-in-One) (4380-Q1E)
QRadar Log Manager 3105 Console (4380-Q1E)
QRadar Log Manager 3128 (All-in-One) (4380-Q2E)
QRadar Log Manager 3128 (Console) (4380-Q2E)
QRadar Vulnerability Manager (4380-Q1E)
QRadar Risk Manager (4380-Q1E)
IBM Security QRadar Incident Forensics xx28 (4531-G1E)
IBM Security QRadar Packet Capture xx28 (4531-G2E)
IBM Security QRadar Packet Capture Data Node xx28 (4531-G3E)
ISO / IMM (remote update instructions)

USB Drive (local update instructions)


This release includes multiple CVE updates for OpenSSL and processor microcode security vulnerabilities.
6.0.0 x3550 M4 7914 1U QRadar 21xx (4380-Q1C)
QRadar Event Collector 1501 G2 (4380-Q2C)
QRadar QFlow Collector 1201 G2 (4380-Q2C)
QRadar QFlow Collector 1202 G2 (4380-Q3C)
QRadar QFlow Collector 1301 G2 (4380-Q4C)
QRadar QFlow Collector 1310 G2 (4380-Q5C)
QRadar QFlow Collector 1310 SR-C G2 (4380-Q5C)
QRadar QFlow Collector 1310 LR-C G2 (4380-Q6C)
ISO / IMM (remote update instructions)
USB Drive (local update instructions)

This release includes multiple CVE updates for OpenSSL and processor microcode security vulnerabilities.
5.2.0
 
x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
 
ISO / IMM (remote update instructions)

USB Drive (local update instructions)
Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:
5.2.0

 
x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
ISO / IMM (remote update instructions)

USB Drive (local update instructions)
Important: New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:
5.0.1 ISO/IMM

5.0 USB

 
x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28

NOTE: This update resolves multiple security vulnerabilities, including CVE-2017-5715 as reported in the firmware release notes.
ISO / IMM (remote update instructions)

USB Key (local update instructions)

NOTE: The ISO/IMM firmware version 5.0.0 is replaced by version 5.0.1 to resolve an issue where the model type list did not display during the update of a M4 2U appliance over IMM. This issue is resolved and links are updated in the release notes to direct users to firmware 5.0.1 on Fix Central.
5.0 x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
ISO / IMM (remote update instructions)

USB Key (local update instructions)

NOTE: This update resolves multiple security vulnerabilities, including CVE-2017-5715 as reported in the firmware release notes.
4.1.0 x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
ISO / IMM (remote update instructions)
4.0.1 x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
ISO / IMM (remote update instructions)
3.0.0 x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
2U Link
3.0.0 x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
1U Link
2.0.3 x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
Link
2.0.3 x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
Link
1.1 x3550 M4 7914 1U 4380-Q1C - IBM QRadar 2100 G2
4380-Q2C - IBM QFlow Collector 1201 /1501 G2
4380-Q3C - IBM QFlow Collector 1202
4380-Q4C - IBM QFlow Collector 1301
4380-Q5C - IBM QFlow Collector 1310-SR
4380-Q6C - IBM QFlow Collector 1310-LR
Link
1.1 x3650 M4 BD 5466 2U 4380-Q1E - IBM QRadar xx05 G2
4380-Q2E - IBM QRadar xx28 G2
4531-G1E - IBM QRadar Incident Forensics xx28
4531-G2E - IBM QRadar Packet Capture xx28
4531-G3E - IBM QRadar Packet Capture Data Node xx28
Link
1.0 x3550 M4 7914 1U Firmware version 1.0 was replaced with firmware 1.1. Firmware 1.1 contains the same firmware update files and includes an easier installation method that uses a USB drive. N/A (Factory install)
1.0 x3650 M4 BD 5466 2U Firmware version 1.0 was replaced with firmware 1.1. Firmware 1.1 contains the same firmware update files and includes an easier installation method that uses a USB drive. N/A (Factory install)
 

 

8. M3 firmware version list for QRadar appliances

Administrators can use the table below to locate the proper firmware for their M3 appliance. IBM does not publish remote update (IMM/ISO) instructions for M3 appliances as this time and administrators with M3 appliances are required to use a USB drive to complete firmware updates.  If you have questions about the firmware release, you can ask a question in our forums ( http://ibm.biz/qradarforums ) or contact support.

 
Firmware version Server type Machine type Form factor Appliances Installation instructions
2.2.0 (Latest) x3550 M3 7944 1U 4378-Q21 - IBM QRadar 2100
4378-QC1 - IBM QFlow Collector 1201
4378-QC2 - IBM QFlow Collector 1202
4378-QSR - IBM QFlow Collector 1301
4378-QLR - IBM QFlow Collector 1302
4378-QD1 - IBM Event Collector 1501
USB Drive Installation Instructions
 

New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:

2.2.0 (Latest) x3630 M3 7377 2U 4379-Q05 - IBM QRadar xx05 G1
4379-Q24 - IBM QRadar xx24 G1
USB Drive Installation Instructions
 

New Security Bulletins have been published to inform administrators of a firmware and software remediation for CVE-2018-3639 and CVE-2018-3640 as reported in the following IBM Security Bulletins:

2.1 x3550 M3 7944 1U 4378-Q21 - IBM QRadar 2100
4378-QC1 - IBM QFlow Collector 1201
4378-QC2 - IBM QFlow Collector 1202
4378-QSR - IBM QFlow Collector 1301
4378-QLR - IBM QFlow Collector 1302
4378-QD1 - IBM Event Collector 1501
USB Drive Installation Instructions
2.1 x3630 M3 7377 2U 4379-Q05 - IBM QRadar xx05 G1
4379-Q24 - IBM QRadar xx24 G1
USB Drive Installation Instructions
1.0 x3550 M3 7944 1U 4378-Q21 - IBM QRadar 2100
4378-QC1 - IBM QFlow Collector 1201
4378-QC2 - IBM QFlow Collector 1202
4378-QSR - IBM QFlow Collector 1301
4378-QLR - IBM QFlow Collector 1302
4378-QD1 - IBM Event Collector 1501
USB Drive Installation Instructions
1.0 x3630 M3 7377 2U 4379-Q05 - IBM QRadar xx05 G1
4379-Q24 - IBM QRadar xx24 G1
USB Drive Installation Instructions
 

 

9. Installing firmware on high-availability (HA) appliances

A: Setting the secondary active

Before you attempt to install any firmware, the administrator must set the primary offline and wait for the secondary appliance to become active. This process will take 5-10 minutes to complete depending on your hardware and appliance type.

  1. Click the Admin tab.
  2. Click the System and License Management icon.
  3. Select the HA primary appliance. This is the system that you want to set to offline.
  4. From the toolbar, select High Availability > Set System Offline.
  5. Wait for the (primary) appliance Host Status column to display Offline.
  6. Verify the Host Status column displays Active for the secondary appliance.
  7. To verify the primary is offline, SSH to the primary appliance.
  8. From the command line, type:
    systemctl hostcontext status
  9. Verify the status displays stopped.

    Results
    You are now ready to update the firmware on the primary (Offline) appliance.

B: Installing firmware on the primary

  1. Insert the USB drive that has the bootable image into the QRadar appliance.
  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.
  3. From the command prompt, type:
    reboot
  4. As the appliance reboots, press the F12 key to select a boot device.
  5. Select the bootable firmware image, for example, USB Storage and press Enter.
  6. When prompted, select the Updates option and complete the firmware installation.

C: Setting the primary active

The administrator must set the secondary offline and wait for the status of the primary appliance to change from Standby to Active. This process will take 5-10 minutes to complete depending on your hardware and appliance type.

  1. Click the Admin tab.
  2. Click the System and License Management icon.
  3. Verify the primary HA appliance is in standby.
  4. If the primary is in the offline state, right-click the primary appliance and select Set System Online.
  5. Select the HA secondary appliance. The secondary is the system that you want to set to offline.
  6. From the toolbar, select High Availability > Set System Offline.
  7. Wait for the secondary appliance Host Status column to display Offline.
  8. Wait for the primary appliance Host Status column to transition from Standby to Active.
  9. To verify the primary is offline, SSH to the primary appliance.
  10. From the command line, type:
    systemctl hostcontext status
  11. Verify the status is stopped.

D: Installing firmware on the secondary

  1. Insert the USB drive that has the bootable image into the QRadar appliance.
  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.
  3. From the command prompt, type:
    reboot
  4. As the appliance is rebooting, press the F12 key to select a boot device.
  5. Select the bootable firmware image, for example, USB Storage and press Enter.
  6. When prompted, select the Updates option and complete the firmware installation.

E: Setting the secondary to standby

  1. Click the Admin tab.
  2. On the navigation menu, click System Configuration.
  3. Click the System and License Management icon.
  4. Verify the secondary HA appliance is in standby.
  5. If the secondary is in the offline state, right-click the secondary appliance and select Set System Online.

    Results
    The secondary is standby and the primary appliance is in the Online state. The firmware update is complete. If you have additional questions, ask us in our forums at http://ibm.biz/qradarforums or open a support ticket with QRadar Support .

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtcAAA","label":"Hardware"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
27 February 2024

UID

swg27047121