IBM QRadar

I wanted to post an important reminder that QRadar 7.4.x is coming up on its end of life date. This means that users need to consider upgrading to QRadar 7.5.x going forward. Be aware, end of life does not mean that we will not take care of system down issues or critical problems, but administrators need to plan to upgrade so we can troubleshoot on supported software streams.

Important links

1. QRadar SIEM 7.4.x EoS article

2. QRadar Vulnerability Manager: Product end of service

What to know...

• No more parsing changes in QRadar 7.4.x. This means that any change or parsing update for RPMs that are 7.4.x for protocols, DSMs, and Scanners are not being updated after the EoL date occurs. Users are going to be required to implement overrides and potentially QID updates as only 7.5.x RPMs are going to be delivered through QRadar automatic updates.

• QRadar Vulnerability Manager (QVM) is going End of service. A future upgrade for QRadar 7.5.0 UP6 is going to remove scan capability and components when after administrators run the 7.5.0 UP6 installer. After 30 April, automatic updates and other changes are going to apply to QVM functionality and administrators can review the technical note linked to see the UI changes that will take place after the 7.5.0 UP6 on the Console. Note: There will also be functionality and clean up for components in UP7 as well, but the core changes are in 7.5.0 UP6 to remove scan functionality. Administratrators can convert scans over to Tenable as there are deals and discounts if you need to configure ad-hoc scanning or configure a new vuln scanner to replace QVM. Third party VA Scanner imports are still supported, but QVM itself is end of service.

• Documentation typically disappears from online sites after QRadar 7.4.x goes end of life. If you want to grab 7.4.x PDFs before end of life, see: https://www.ibm.com/docs/en/qsip/7.4?topic=SS42VS_7.4/com.ibm.qradar.doc/c_pdf_launch.html

• Fix Central ISOs and SFS files might be removed. We typically recommend that if you cannot upgrade before the EoS date, that you download the ISOs for your current 7.4.x version in case you need support assistance to rebuild an appliance.

• As mention, QRadar Support will not turn users away for critical issues/system down problems on 7.4.x versions. However, admins need to be aware that there are no more code fixes for QRadar 7.4.x. QRadar Support might be limited as to how we can assist administrators based on the issue as QRadar 7.4.3 Fix Pack 9 is the last 7.4.x release and all fixes are provided on QRadar 7.5.x.

Be aware of the upcoming EoS/EoL dates and put together an upgrade plan.

Did you know....
Users can alert QRadar Support as to when they have planned upgrades. This ensures that we have staff available to assist when you have a scheduled maintenance window.

------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
------------------------------

Tip: As you prepare to upgrade, you can run the install pretest with the -t option to run basic checks, for example /media/updates/installer -t.

The pretest does stop services, so it is important that you run it during scheduled maintenance before you plan to upgrade. The pretest tool can catch potential issues that might save you time before you start a planned upgrade. 

------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
------------------------------

Original Message:
Sent: Fri April 07, 2023 05:58 PM
From: Jonathan Pechta
Subject: Important: Upcoming software end of life versions (QRadar 7.4.x and QVM)

I wanted to post an important reminder that QRadar 7.4.x is coming up on its end of life date. This means that users need to consider upgrading to QRadar 7.5.x going forward. Be aware, end of life does not mean that we will not take care of system down issues or critical problems, but administrators need to plan to upgrade so we can troubleshoot on supported software streams.

Important links

1. QRadar SIEM 7.4.x EoS article

2. QRadar Vulnerability Manager: Product end of service

What to know...

• No more parsing changes in QRadar 7.4.x. This means that any change or parsing update for RPMs that are 7.4.x for protocols, DSMs, and Scanners are not being updated after the EoL date occurs. Users are going to be required to implement overrides and potentially QID updates as only 7.5.x RPMs are going to be delivered through QRadar automatic updates.

• QRadar Vulnerability Manager (QVM) is going End of service. A future upgrade for QRadar 7.5.0 UP6 is going to remove scan capability and components when after administrators run the 7.5.0 UP6 installer. After 30 April, automatic updates and other changes are going to apply to QVM functionality and administrators can review the technical note linked to see the UI changes that will take place after the 7.5.0 UP6 on the Console. Note: There will also be functionality and clean up for components in UP7 as well, but the core changes are in 7.5.0 UP6 to remove scan functionality. Administratrators can convert scans over to Tenable as there are deals and discounts if you need to configure ad-hoc scanning or configure a new vuln scanner to replace QVM. Third party VA Scanner imports are still supported, but QVM itself is end of service.

• Documentation typically disappears from online sites after QRadar 7.4.x goes end of life. If you want to grab 7.4.x PDFs before end of life, see: https://www.ibm.com/docs/en/qsip/7.4?topic=SS42VS_7.4/com.ibm.qradar.doc/c_pdf_launch.html

• Fix Central ISOs and SFS files might be removed. We typically recommend that if you cannot upgrade before the EoS date, that you download the ISOs for your current 7.4.x version in case you need support assistance to rebuild an appliance.

• As mention, QRadar Support will not turn users away for critical issues/system down problems on 7.4.x versions. However, admins need to be aware that there are no more code fixes for QRadar 7.4.x. QRadar Support might be limited as to how we can assist administrators based on the issue as QRadar 7.4.3 Fix Pack 9 is the last 7.4.x release and all fixes are provided on QRadar 7.5.x.

Be aware of the upcoming EoS/EoL dates and put together an upgrade plan.

Did you know....
Users can alert QRadar Support as to when they have planned upgrades. This ensures that we have staff available to assist when you have a scheduled maintenance window.

As always, if there are questions or concerns feel free to ask in this thread or send me a quick note in email if your question is sensitive or you do not want to ask publicly.

------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
------------------------------