QRadar Analyst Workflow
Starting with QRadar Release 7.4.3FP1, the deployment of the QRadar Analyst Workflow UI changes.
The new version of the “Security QRadar Analyst Workflow” (Release 1.24.10) for QRadar 7.4.3FP1 has been available in the X-Force App Exchange since July 15, 2021.
QRadar Extension Management
From this version on, the “New UI” is installed via QRadar Extension Management. Installation may take a moment.
New QRadar-UI App Exchange Download - 7.4.3FP1 only!
The information about the download and the UBI app is available here: https://exchange.xforce.ibmcloud.com/hub/extension/ec3471adfdbb0b7bb3fbcf60f0ba5837
The good news first
This means that QRadar Analyst Workflow runs as an app on the “QRadar Apphost” and no longer on the “QRadar Console” :)
What to pay attention to?
Before the update to QRadar Version 7.4.3 FP1 is carried out, the “old variant” of "QRadar Analyst Workflow" should be removed!
This prevents unpleasant side effects with the QRadar Analyst Workflow UI.
Which side effects can arise?
Although the containers “graphql” and “ui” start properly under 7.4.3FP1, they cannot be accessed via the link in the QRadar Console - the link is missing.
The QRadar "docker ps" and "docker images" commands
On the command line, the commands "docker ps" and "docker images" correctly display the started containers.
Only the "Try the New UI" link in the QRadar Console menu is missing.
Attempting to manually call up the link - https://qradar-ip/console/ui - also results in an error. To fix this, the "old containers" have to be stopped and then deleted.
Delete - QRadar Analyst Workflow
To remove the "QRadar Analyst Workflow" instances, run the following commands:
- /opt/ibm/si/conman/bin/conman-api-cli.sh remove -n ui
- /opt/ibm/si/conman/bin/conman-api-cli.sh remove -n graphql
Installation of the UBI App - QRadar Extension Management
Then the new UBI app can be installed via the QRadar Extension Management!
Details can be found here: https://www.ibm.com/docs/en/qsip/7.4?topic=workflow-installing-ubi-app-version
After successful installation, the UBI app can be managed via the QRadar Assistant App, like all other installed apps.
QRadar UI - Release 1.24.10
The current version of the Security QRadar Analyst Workflow App is also displayed in the opened "New UI".
What's left to say?
Colin Hay from IBM mentioned - "The new UI is intended to be converted to a standard extension in the first half of 2021, so it should be runnable on the Apphost at that time". Nearly just in time :) here it is! Thank you very much!
So concluding for me, it's exciting to chase the continuous enhancements of QRadar and its features :)