Automatic updates

You can update your configuration files automatically or manually to ensure that they contain the latest network security information.

Updated configuration files help to eliminate false positives and to protect your system from the latest malicious sites, botnets, and other suspicious Internet activity.

Automatic update requirements

The IBM® QRadar® Console must be connected to the Internet to receive the updates. If your Console is not connected to the Internet, you must configure an internal update server from which your Console can download the files.

Update files are available for manual download from IBM Fix Central (http://www.ibm.com/support/fixcentral).

To maintain the integrity of your current configuration and information, either replace your existing configuration files or integrate the updated files with your existing files.

After you install updates on your Console and deploy your changes, the Console updates its managed hosts.

Description of updates

Update files can include the following updates:

  • Configuration updates that are based on content, including configuration file changes, vulnerabilities, QID maps, supportability scripts, and security threat information updates.
  • DSM, scanner, and protocol updates that include corrections to parsing issues, scanner changes, and protocol updates.
  • Major updates, such as updated JAR files or large patches, that require restarting the user interface service.
  • Minor updates, such as daily automatic update logs or QID map scripts, that do not restart the user interface service.

Automatic updates for high availability deployments

When you update your configuration files on a primary host and deploy your changes, the updates are automatically made on the secondary host. If you do not deploy your changes, the updates are made on the secondary host through an automated process that runs hourly.

Frequency of automatic updates for new installations and upgrades

The default frequency of the automatic update is determined by the installation type and the QRadar version.

  • If you upgrade from a QRadar version earlier than V7.2, the update frequency keeps the value that it had before the upgrade. By default, the update is set to weekly, but you can manually change the frequency.
  • If you perform a new installation of QRadar V7.2 or later, the default frequency of the update is daily. You can manually change the frequency.