Administrators with 7.5.0 UP10 or later can upgrade to their QRadar deployment to 7.5.0 Update Package 14. This release includes performance enhancements, tiered storage for Data Nodes, UI improvements, rule test update to set magnitude, offense improvements, and resolves 24 reported issues from QRadar users. This release includes mitigations for CVEs to update the security posture of QRadar SIEM.

Administrators with 7.5.0 UP13 can now apply Interim Fix 2 to their QRadar deployment. This Interim Fix release resolved three reported issues and includes remediations for 19 CVEs. For details, see the QRadar 101 Software page for release notes, download links, and more.

Administrators with 7.5.0 UP13 can now apply Interim Fix 1 to their QRadar deployment. This Interim Fix release resolved three reported issues and includes remediations for 2 CVEs. For details, see the QRadar 101 Software page for release notes, download links, and more.

Administrators with 7.5.0 UP10 or UP11 (any interim fix level) can now upgrade directly to the 7.5.0 UP13 release. This release enhances Console-only failover improvements and optimized backup validation time. Offense tab now has a Timeline view of offenses, Magnitude-based ranking, or Host-based categorization. Admin tab updates for Unified Store & Forward, Domain management, centralized credentials, and resource restriction interfaces. Regex Custom Properties now allow multiple capture groups and literals in custom properties. Added SNMPv3 and snmpwalk polling for hosts. Enhanced partial search result visibility. The improved suggested regex for parsing, auto-population of Event ID and Event Category, and event parsing for several core DSM types.

The QRadar Investigation Assistant powered by watsonx.ai uses Large Language Models (LLM) and Natural Language Processing (NLP) to help analysts while working with offenses. Crisp and accurate AI-generated offense summary helps to reduce false negatives caused by complex attacks that are not easily observable to the human eye, reduce the skills required for security analysts to understand complex incidents and attack vector, and boost analyst productivity by significantly reducing time spent on offense investigation. Additionally, the app provides AI-generated short-term and long-term recommendations help take decisive actions against critical threats.

Administrators with 7.5.0 UP12 can now upgrade to the 7.5.0 UP12 Interim Fix 2. This release resolves 3 important known issues for reference set search results, a backup issue, and a user interface issue, plus includes a Custom Property fix for a cache issue from 7.5.0 UP12 Interim Fix 1 when a custom property contains over 1000 values. Administrators can install IF2 to get the contents of IF1 and IF2 with a single update. For more information, see the QRadar Software 101 page for a link to the release notes and software download on IBM Fix Central.

Administrators with 7.5.0 UP10 or UP11 (any interim fix level) can now upgrade directly to the 7.5.0 UP12 release. This release enhances the search progress visualization, improves search performance for multi-tenant deployments with Reference Set filters, enhances search for Event Collectors by name, Data Node scattering improvements, Java 11 updates for protocols, and add creation date to the offense summary page and the offense search page.

On 14 May, 2025 a new release of WinCollect 7.3.1 Patch 4 was posted to IBM Fix Central. This release 7.3.1-122 is a required update for users on 7.5.0 Update Package 12 and resolved two issues reported by users.

Administrators with 7.5.0 UP8, UP9, or UP10 (any interim fix level) can now upgrade directly to the 7.5.0 UP11 release. This release updates the core operating system for QRadar from Red Hat Enterprise V8.8 to V8.10, updates Postgres from 11.7 to 16.2, and an Apache Struts update. Features such as Workflow Analyst App as the default dashboard, flow forwarding performance, new API functionality for assets and offense API responses in OSCF format, and more. The UP11 release resolves 39 Known Issues reported by users. Administrators who want to validate UP11 with the code signing script can get the latest version 1.0.2, which includes updated certificate bundle to validate UP11 and later software downloads from IBM Fix Central.

Administrators with 7.5.0 UP8 or UP9 can now upgrade directly to the 7.5.0 UP10 release. This release adds multiple features, such as a Light Mode toggle as a user preference, Parallel patching feature allows you to stage and upgrade all QRadar managed hosts in the deployment in an unattended manner and view the % updated for your deployment as a live status, and FISMA support adds IPv6 parsing, ingestion, search, and integration features across QRadar. This release also improves event and flow search stability and performance for large deployments, high query concurrency, and complex datasets by managing memory more effectively, as well as improving searching for IPv6 addresses, which are up to 200 times faster.

IBM has identified an issue where QRadar deployments may experience an outage of Event ingestion after the Auto Update released on 4 October 2024 is completed. Users reporting this issue were unable to see events in Log Activity or new offenses being generated. This issue is now resolved.

Administrators can now better understand and enforce policy with the IBM Security QRadar Generative AI Content Extension. This content pack uses the URL Host custom property from several DSM types, along with reference maps, to monitor AI platform usage within the organization. The dashboard includes breakdowns by AI tool usage, hosts making the most requests to AI domains, Event Counts, Location, Top 10 Source IPs, Top 10 Destination IPs, Top 10 Users, and recent queries (events).

Administrators upgrading to 7.5.0 Update Package 9 may experience longer maintenance windows. A reported issue indicates a post-patch update script that takes longer than expected. Do not interrupt the upgrade or reboot an appliance before it is complete to avoid a system rebuild. A flash notice includes a command to help estimate the impact on upgrade timing. Administrators who wish to avoid this issue can wait for the re-release of 7.5.0 UP9, which is coming soon.

IBM has released QRadar 7.5.0 Update Package 9, the recommended upgrade path for QRadar 7.5.0 UP7 users. This release introduces features like dark mode UI modernization, CIDR data types in reference sets, improved Data Nodes and Offline event forwarding, and Data Synchronization app enhancements. Additionally, 69 known issues from previous releases have been resolved. Administrators should review the Pulse app known issue and be aware that full HA data sync will be performed for HA secondaries.

IBM identified a replication issue for managed hosts on QRadar 7.5.0 Update Package 8 following the Auto Update from 21 June 2024. Users experiencing this issue reported problems with deploy changes. A workaround is available in the flash notice for administrators on 7.5.0 UP8 (any interim fix level).

A replacement release is available on IBM Fix Central for QRadar 7.5.0 Update Package 8 Interim Fix 3, addressing six reported issues. This release replaces the removed 7.5.0 UP8 Interim Fix 2, which had a search performance issue. As interim fixes are cumulative, administrators can install 7.5.0 UP8 IF3 and receive all prior fixes.

QRadar 7.5.0 Update Package 8 Interim Fix 2 was temporarily removed from IBM Fix Central due to a search performance issue identified as DT386246.

The latest QRadar Community Edition is now available on QRadar 7.5.0 Update Package 8, running on Red Hat 8.8. This edition supports non-enterprise users, allowing them to run QRadar with a 100 EPS and 5,000 FPM license. Ideal for students, developers, hobbyists, and network security teams to run QRadar at home. For details, visit the QRadar Community Edition webpage.

The new release of QRadar Log Source Management allows bulk updates to name templates, disables Target Event Collect for Syslog sources, includes security updates, and resolves an error for users without sources in their security profile. Learn more on the QRadar Community Edition page.

QRadar 7.5.0 Update Package 8 is now available on IBM Fix Central, updating the operating system baseline from RHEL 7.9 to RHEL 8.8. Administrators should ensure /storetmp has 10GB free space, review for LUKS encrypted disks, and follow post-install procedures for HA appliances. Visit the Software 101 page for more details and release notes.

Managed WinCollect agents planning to upgrade to QRadar 7.5.0 Update Package 8 should install the latest WinCollect 7.3.1-43. After upgrading, download and install the SFS file for WinCollect 7.4.1-43. For more information, see the WinCollect 7 page on QRadar 101.

As the release of QRadar 7.5.0 Update Package 8 approaches, QRadar SIEM development has identified a known issue where hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8. This is a RHEL limitation for QRadar 7.5.0 Update Package 8. Customers who want to upgrade to 7.5.0 Update Pack 8 from 7.5.0 Update Pack 7 should ensure that no hosts in the deployment have LUKS encryption. For more information, see the Flash Notice.