IBM TechXchange Security Technology Alliance Program User Group


Migrating QRadar apps from v1 to v2

By Joel Violette posted Fri May 13, 2022 10:04 AM

  
I'm Joel Violette, the QRadar Technical Enablement Specialist with the IBM Security Alliances team. I'd like to take a few minutes to help you understand the migration from QRadar app framework v1 to v2, why you'll want to migrate, and some concrete steps on how to do it.

Why migrate?

1. Python 2 and CentOS 6 are EoL

Python 2 and CentOS 6, the two main technologies that the app framework relies on, are end of life (EoL). No security fixes, or fixes of any kind, will be made to these code streams going forward. If a critical vulnerability arises in an EoL code stream, the only way to stay safe is to stop using it and upgrade the code to a supported code stream.

Notice: QRadar App v1, CentOS 6, and Python 2 End Of Support (published Q3 2020; updated Dec 20, 2021)

This is why we have created App Framework version 2, which relies on Python 3 and Red Hat UBI. Both of these code streams are updated frequently with the latest security fixes.


2. Python 2 and CentOS 6 contain critical vulnerabilities

Unfortunately, critical vulnerabilities have been discovered in Python 2 and CentOS 6. Therefore, we are ending support for v1 apps.

Notice: App Framework v1 EoL (Published Nov 26, 2021; updated Dec 14, 2021)

This notice encourages all customers to remove all CentOS (v1) apps and to apply the QRadar update that prevents v1 apps from being installed going forward.


3. Users are warned when downloading v1 apps

On the download page for every v1 app, there is a banner warning the user that these apps contain vulnerabilities and should not be downloaded.

Ok, so how do I know if my integration is affected?

If you go to your app's page on our app exchange and you find a warning banner similar to the one below, your app is affected.
Warning Banner Example


How do I perform the migration?

First, update your QRadar to an app v2 compatible version, which can be acquired through our Alliance partnership portal:

  • 7.3.3 FP6
  • 7.4.1 FP2+
  • 7.4.2 GA+

Note: export your app from 7.3.3 FP6 so that the custom content exported with it works on all v2 compatible versions of QRadar.

High-level steps required to migrate the app:

  1. Bring your QRadar box to an app v2 compatible version
  2. Install SDK v2 on your development machine
  3. Upgrade any app Python 2 code to Python 3
  4. Update the app folder structure
  5. Make a few dependency-related changes
  6. Update the app manifest
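
For step 3, an inventory of which files still need porting helps scope the work. The following is an added example, not part of the official migration guide or the SDK: it runs each `.py` file through the Python 3 parser and flags files that fail to parse or that import modules that exist only in Python 2. The module list and the sample files are constructed for illustration.

```python
import ast
import tempfile
from pathlib import Path

# Modules that exist only under these names in Python 2 (illustrative, not exhaustive).
PY2_ONLY_MODULES = {"urllib2", "urlparse", "ConfigParser", "Queue", "StringIO", "cPickle", "httplib"}

def scan_source(source):
    """Return sorted (line, reason) findings for one file's source text."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Python 2 syntax (e.g. a print statement) stops the parser; only the first error is reported.
        return [(exc.lineno, "does not parse as Python 3: " + str(exc.msg))]
    findings = []
    for node in ast.walk(tree):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        for name in names:
            root = name.split(".")[0]
            if root in PY2_ONLY_MODULES:
                findings.append((node.lineno, "Python 2 only module: " + root))
    return sorted(findings)

def scan_app(app_dir):
    """Map each .py file under app_dir that needs porting to its findings."""
    report = {}
    for path in sorted(Path(app_dir).rglob("*.py")):
        findings = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if findings:
            report[path.relative_to(app_dir).as_posix()] = findings
    return report

def demo():
    samples = {  # constructed sample files, not taken from a real app
        "views.py": 'import json\nprint "handling request"\n',
        "client.py": "import urllib2\nfrom urlparse import urljoin\n",
        "util.py": "import json\nprint(json.dumps({}))\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            Path(tmp, name).write_text(text, encoding="utf-8")
        return scan_app(tmp)

if __name__ == "__main__":
    print(demo())
```

A file that parses cleanly can still behave differently under Python 3 (string and bytes handling, integer division), so a clean scan narrows the work but does not replace testing the app.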

There is an excellent official support guide on how to perform the migration here: Guide to migrating apps from v1 to v2. Apart from that document, the Alliances team is here to help with the migration. Feel free to reach out to me and I'll be happy to answer your questions.

Many of our partners have gone through the process and got their app happily up and running in framework v2, so there is a good start.

Which v1 apps on the app exchange would you like to see upgraded to v2?