IBM Support

Notice: End of Support for QRadar SIEM 7.4.X (28 April 2023)

General Page

Starting with the version 7.5.0 release, QRadar development moved to a continuous delivery model, under which fixes and updates will be delivered on the next version. This article discusses upcoming dates and what to expect from support as 7.4.x versions are marked end of life.

Upcoming end of life dates QRadar software

Administrators need to plan the upgrades to QRadar 7.5.0 before April 2023. 

  • IBM® QRadar® 7.4.x is marked end of life on 28 April 2023.
    Note: 7.4.x includes 7.4.0, 7.4.1, 7.4.2, and 7.4.3 versions per https://ibm.biz/qradarlifecycle.
Use the QRadar Support team’s software list to locate downloads, release notes, latest versions, and resolved issues. If you encounter any issues during the upgrade, contact QRadar Support for assistance and upload logs for troubleshooting your case. For more information about the QRadar lifecycle, see IBM QRadar Support Lifecycle.

End of life software and the impact to users

End of life indicates that development is delivering all software updates on newer versions, but does not mean that product support has ceased.

Software and code impact

  • No further software updates after 7.4.3 Fix Pack 9. All fixes are officially delivered on QRadar 7.5.0.
  • No further RPMs are delivered for DSMs, protocol, or scanner issues. All parsing and event-mapping updates are halted for QRadar 7.4.x. Auto updates still run daily, but official IBM DSMs are delivered on 7.5.x versions as 7.3.x and 7.4.x are end of life.
  • Software removed from IBM Fix Central as ISOs or SFS files are no longer be accessible.
  • No more reported issues or APARs created for 7.4.x versions.
  • IBM Documentation for 7.4.x versions might be removed online.
     

Support impact

  • Support can assist users on 7.4.x versions with system down issues.
  • Assistance is available for users who experience problems with upgrades on end of life software versions.
  • Support is limited to assisting users with configuration problems or confirming whether a reported issue can be resolved with a software update.
     

Upgrade paths to QRadar 7.5.0


Administrators can install an SFS from 7.3.2 and later to upgrade directly to any QRadar 7.5.0 Update Package version.
 
  • QRadar 7.3.2 (Fix Pack 3 and later) can upgrade directly to QRadar 7.5.0 latest.
  • QRadar 7.3.3 (All versions) can upgrade directly to QRadar 7.5.0 latest.
  • QRadar 7.4.0 (All versions) can upgrade directly to QRadar 7.5.0 latest.
  • QRadar 7.4.1 (All versions) can upgrade directly to QRadar 7.5.0 latest.
  • QRadar 7.4.2 (All versions) can upgrade directly to QRadar 7.5.0 latest.
  • QRadar 7.4.3 (All versions) can upgrade directly to QRadar 7.5.0 latest.
  • QRadar 7.5.0 (All versions) can upgrade directly to QRadar 7.5.0 latest.

    Note: If you upgrade to QRadar 7.5.0 Update Package 4 or later and have WinCollect 7.x agents deployed in managed mode, you must also upgrade your WinCollect agents to V7.3.1-28. Administrators who cannot upgrade QRadar and all managed WinCollect agents during your scheduled maintenance window can install QRadar 7.5.0 Update Package 3 to avoid the communication issue described in the WinCollect flash notice.

 

What’s New in 7.5.0

  • Continuous delivery model
    If you want to know about this development model, visit IBM Cloud Continuous Delivery.
  • Improved query specification and speed with 2 new AQL functions
    • The OFFENSE_TIME function limits the query to applicable times that an offense might be active.
    • The DISTINCTCOUNT function uses the HyperLogLog+ approximation algorithm to calculate the unique count and operates with a constant memory requirement. The function supports unlimited data sets.
  • Safety by default
    A new policy was implemented to enable encryption by default for all newly added Managed Hosts.
  • Easier app individualization
    App Framework improvements enable admins to more individually control the memory settings for each application

Upgrade Planning

QRadar software updates are performed by administrators. Technical Support personnel do not complete, monitor, or manage software upgrades for administrators as it is considered "out-of-scope". For more information about administrator responsibilities and other related topics when you perform an upgrade, see our Software update cases and support policies. Administrators must contact IBM Security Expert Labs for extra assistance when out of Technical Support's scope actions are needed.


Administrators are advised reviewing thoroughly the Software update checklist for administrators to avoid issues during the upgrade caused by deficient planning. 

Helpful information

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtdAAA","label":"Upgrade"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.4.0;7.4.1;7.4.2;7.4.3"}]

Document Information

Modified date:
31 March 2023

UID

ibm16963616

Page Feedback