Efficient SIEM operation depends directly on fixing the vulnerabilities and issues detected in its functioning. The primary method for this is updating the system to the latest version. Updates can include security fixes, new functionality, performance improvements, patches, and so on. In my recent article, we reviewed how to create backups in IBM QRadar. It is strongly recommended to create them before updating your SIEM tool.
To update IBM QRadar, you can choose one of the following options: automatic or manual updating.
To configure automatic updating:
1. Go to the Admin tab – Auto Update.
2. Select Change Settings.
3. On the Basic menu tab, specify the update frequency, the types of updates that will be automatically checked on the IBM site, and the type of update installation (automatically, with the web console restart, or manually by the SIEM administrator).
4. On the Advanced menu tab, configure the proxy server settings if the organization uses a proxy to access the Internet.
The Web Server and Directory fields automatically display the software vendor’s servers. If there is no direct Internet connection, you can specify in these fields the local repositories from which you will update your IBM QRadar.
Other Settings are used to configure the backup of updates.
After the configuration is completed, the update will be performed automatically according to the created schedule.
5. To update the system on demand, go to the Check for Updates tab and click the Get New Updates button.
To perform a manual update, you need to know which component of the system needs to be updated.
You can find a list of available updates on the vendor’s website: https://www.ibm.com/support/fixcentral/
You need to download the required update type from the site. The following types of updates are available:
• APPLIANCE FIRMWARE
• INTERIM FIX
Next, to perform an update, you need to connect via SSH to the IBM QRadar server.
1. Using a utility such as PuTTY, connect to QRadar with the root account.
2. Execute the command rpm -Uvh “Update filename”.
3. After the update procedure is completed, perform Deploy Full Configuration, and then restart the Web server manually.
Updating IBM QRadar increases the stability of the system and fixes the detected vulnerabilities. Adding new functionality to your SIEM opens up new possibilities for leveraging the system. All this makes the system more flexible and functional, which is beneficial in the case of a growing number of requests to the SIEM or tasks that you can solve only with this tool.