Security

 View Only

Minimum QRadar version for App Development and associated signing changes

By ASHISH KOTHEKAR posted Mon September 23, 2024 02:02 AM

  

Introduction 

In August 2024, Update Pack 9 was released for QRadar version 7.5. The details on how to download the ISO for App development can be found in this blog:  

https://community.ibm.com/community/user/security/blogs/ashish-kothekar/2024/09/09/qradarappdev75up9?CommunityKey=4b5d78c9-2135-48b2-9bbb-0825224461c1 

 For all the business partners who are building QRadar Apps to be published on IBM App Exchange portal, they need to have the minimum supported version to be QRadar 7.5 UP9. This means that business partners need to install/upgrade QRadar 7.5 UP9 and then continue with the App development. 

 If this is not possible, as your users are not yet patched to QRadar 7.5 UP9 Integrations submitted after May 2024 will show as not-signed, due to a change in how certificates are handled. 

 This document outlines the signing changes and how to validate an integration is signed. 

Signing changes

Signing Certificate changes 

Also, there are changes in using the Old_ca certificate which was issued earlier. The Old_ca certificates can still be used until they expire. Old_ca certificates will no longer be issued by IBM. 

The certificate which are issued post-August 2024, will have the CA_new folder containing the required certificates. 

A close-up of a box Description automatically generated

The changes have also been documented in the old technote present:  

https://www.ibm.com/support/pages/node/6442125 

UP9 Signing Changes 

If the apps or extensions need to be developed for versions earlier than QRadar 7.5 UP9 version, then App Exchange will NOT show these apps as IBM Validated.  

Example: https://exchange.xforce.ibmcloud.com/hub/extension/d48d4a6e7d926d2a1ea530aa4a41a22d 


Installed on QRadar 7.5.0 UP9  
A screenshot of a computer Description automatically generated

Installed on QRadar 7.5.0 UP7 A screenshot of a computer Description automatically generated


Verifying an Integration is IBM Validated 

If the IBMCCS / VALIDATE rsa/sf files are present, the Integration is countersigned by the IBM team. 

A screenshot of a computer Description automatically generated

For further validation, this can be used 

https://www.ibm.com/support/pages/qradar-how-validate-downloads-ibm-fix-central-are-trusted-and-code-signed 

If you have any queries, feel free to contact TAP team -  IBMSecurityAlliances@wwpdl.vnet.ibm.com



0 comments
20 views

Permalink