IBM Support

Release of QRadar Network Packet Capture 7.5.0 Update Package 8 (Build 1510)

Release Notes


Abstract

This document includes installation instructions and known issues for QRadar Network Packet Capture 7.5.0 Update Package 8 (Build 1510). You must have QRadar Network Packet Capture 7.5.0 Update Package 7 (Build 1509) to upgrade to this version.

Content

About this installation

 

Follow these instructions to upgrade your appliance to use QRadar Network Packet Capture 7.5.0 Update Package 8 (Build 1510).

What's New

Red Hat Enterprise Linux 8 (RHEL8) Operating System
QRadar Network Packet Capture 7.5.0-1510 introduces RHEL8 operating system that supports TLS v1.3 in HTTPS sessions (API and Web Interface).
Operator, Monitor and Admin user accounts
In QRadar Network Packet Capture 7.5.0-1510, you can create Operator and Monitor user accounts or additional Admin accounts.​​​​​​
  • Admin user accounts grant access to all configuration options including Search.
  • Monitor user accounts grant read-only view access to monitor the device and group status.
  • Operator user accounts grant access to monitor and execute Search.

Known Issues

A backup of "terms.txt" is required if it was modified before upgrading to 7.5.0-1509 
If the terms.txt (found on the appliance at "/opt/pandion/client/terms.txt") has been modified to display custom license terms, the file must be backed up before performing the upgrade to the latest release. The 7.5.0-1509 release replaces the contents of the terms.txt file with the IBM license terms. After the upgrade is completed, replace the terms.txt with the custom version. 

Before you install

Ensure that you take the following precautions:

  • This procedure uses IBM's integrated management module (IMM). This interface must be available/configured to mount the ISO file to complete the update.
  • This installation must be completed during a scheduled maintenance window. While the system is updating, Network Packet Captures are not recorded as services are not started.
  • Ensure that you are logged in to the QRadar Network Packet Capture Appliance as an administrator.
  • Your system meets the minimum hardware requirements.
  • A keyboard and monitor are connected by using the VGA connection.
 

Important: If you have a stacked configuration of QRadar Network Packet Capture appliances, you must unstack your appliances before you can upgrade. Upgrade each appliance individually and then re-create the stack. Unstacking the appliances ensures that your data is preserved during the upgrade. You must also turn off Traffic Capture.

Completing the Installation


Required files for upgrade installation
You must have QRadar Network Packet Capture 7.5.0 Update Package 7 (Build 1509) to use the following installation file.

Procedure

  1. Log in to the QRadar Network Packet Capture IMM interface by using your web browser.
  2. Click Remote Control.
  3. To start the Remote Control session, click Active X for Internet Explorer or Java for all other Browsers.
  4. Click Start Remote Control in Single User Mode.
    NOTE: You should always use single user mode for remote connections for new installations or upgrades.
  5. Verify that the Allow others to request my remote session disconnect checkbox is cleared. It is not recommended to allow other users to request the active session for firmware updates.
  6. From the menu, select Virtual Media > Activate.
  7. From the menu, select Virtual Media > Select Devices to Mount.
  8. From the Devices window, click Add Image.
  9. Select the QRadar Network Packet Capture image that was downloaded from Fix Central and click Open.
  10. Select the option with your ISO, and verify that the Mapped checkbox is selected.
  11. Click Mount Selected.
  12. Restart the appliance.
  13. When the splash menu is displayed, press <F12> Select Boot device
    (The upgrade process includes mounting the Upgrade Package 8 upgrade image and rebooting to the virtual drive. Then, select the Upgrade QRadarPCAP-7.5.0-150 option from the boot menu.) 
  14. In the Boot Devices Manager window, select CD/DVD and press enter to start the upgrade installation.
  15. Wait for the installation to complete. 
    (The upgrade process is completed in two phases. The first phase installs the necessary packages for the Leapp upgrade utility. Then, users are prompted to reboot the system.)
  16. After the QRadar Network Packet Capture Appliance is updated, restart the appliance when prompted.

Installation wrap-up

  1. The installation is complete when the Leapp End of Report message is displayed.
  2. After the installation is completed, press the Enter or Return key to display the root prompt, and log in with your root credentials.
  3. Log in to IMM and select Virtual Media > Unmount All.
  4. Verify if the network interface retains its IP configuration by using ifconfig. If the IP configuration is not retained, run the nmtui utility to reconfigure the network settings. 
  5. Log in to the QRadar Network Packet Capture web interface with administrative credentials and verify if the Traffic Capture option is still turned on in the ADMIN tab. 
Where do I find more information?

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwszAAA","label":"Install"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0"}]

Document Information

Modified date:
15 July 2024

UID

ibm17158032

Page Feedback