IBM Support

Release of IBM Security QRadar Analyst Workflow 1.9.16

Release Notes


Abstract

This release provides usability enhancements and fixes several known issues.

Content

IBM® Security QRadar® Analyst Workflow provides new methods for filtering offenses and events, and graphical representations of offenses, by magnitude, assignee, and type. The improved offenses workflow provides a more intuitive method to investigate offenses to determine the root cause of an issue and work to resolve it. Use the built-in query builder to create AQL queries by using examples and saved or shared searches, or by typing plain text into the search field.
For more information about QRadar Analyst Workflow, see IBM Documentation.

Resolved issues

QRadar Analyst Workflow 1.9.16 resolves the following known issues:
  • Threat Panel does not display login screen to save X-Force credentials.
  • Application can crash when product logo is clicked.
  • User is logged out of QRadar when Advisor filter is applied.

What's new

QRadar Analyst Workflow 1.9.16 includes the following new features:
  • Added accessibility improvements for VPAT compliance.
  • Added MITRE integrations.
  • Changed Analyst Workflow version numbering to match version control system.
  • Added line break to offense details graph banner Users and Log Sources hyperlinks.
  • Removed Assign Offense action menu item for closed offenses on Offense Details page.
  • Added tooltip for long customized columns.
  • Added Log Source name to Log Sources hyperlink on Offense Details page.

Known issues

QRadar Analyst Workflow 1.9.16 contains the following known issues:
  • Clicking the events hyperlink produces no results due to time server settings.
  • Summary charts do not display for admin multi-tenancy users.

Supported browsers

You can use QRadar Analyst Workflow on any browser that is supported by QRadar. For a list of supported browsers, see: https://www.ibm.com/docs/SS42VS_7.4/com.ibm.qradar.doc/c_shi_browser_support.html

Installing or upgrading QRadar Analyst Workflow

Important: The QRadar Analyst Workflow requires root access to install. If you are using the command line to enable root user privileges, you must use the following command:
sudo su -
If you use sudo su (without -), full root access is not granted.
Procedure
  1. Download the latest QRadarAnalystWorkflow<x.x.x>.zip file from IBM Fix Central.
    See also the documentation for the QRadar Analyst Workflow on the IBM Security App Exchange.
  2. If you have custom SSL certificates, run the following commands in any directory on your QRadar Console:
    • update-ca-trust
    • systemctl restart docker
  3. If you have a previous installation directory, you must delete it before you extract the .zip file. For example, on the QRadar Console run the following command:
    rm -rf /store/qradar-ui /root/qradar-ui
  4. Copy QRadarAnalystWorkflow<x.x.x>.zip to your QRadar console by using the Linux "secure copy" (scp) command or an SFTP client.
    Secure copy example: scp QRadarAnalystWorkflow<x.x.x>.zip <QRadar host>:/<directory>
  5. To extract the QRadarAnalystWorkflow<x.x.x>.zip file on your QRadar console, type the following command:
    rm -rf /root/qradar-ui /store/qradar-ui && unzip /tmp/QRadarAnalystWorkflow<x.x.x>.zip -d /store/qradar-ui
  6. On the QRadar console, run ./qradar-ui/start.sh, then wait for the logs to run.
  7. Access the QRadar Analyst Workflow by using one of the following methods:
    • In the navigation menu, click Try the New UI.
    • Access the new UI in your browser at https://<QRadar IP address>/console/ui.
  8. Delete QRadarAnalystWorkflow<x.x.x>.zip and the installation folder.
    Example: rm -fr /store/qradar-ui /tmp/QRadarAnalystWorkflow<x.x.x>.zip

Removing QRadar Analyst Workflow

To remove the QRadar Analyst Workflow, run the following commands:

/opt/ibm/si/conman/bin/conman-api-cli.sh remove -n ui

/opt/ibm/si/conman/bin/conman-api-cli.sh remove -n graphql


Document Information

Modified date:
20 April 2021

UID

ibm16441743