IBM Security QRadar SOAR

Hi All, 

We are planning to upgrade the QRadar SOAR platform from version v44.2.35 to 45.2.43.
Based on the documentation one of the update is in Integration server
- The minimum version of Python that is supported on the integration server is updated from 3.6.4 to 3.6.9. Python 3.9 is also supported.

Our Integration Server and QRadar SOAR are installed in same Virtual Machine. Currently the installed version of Python is 3.6 in the virtual machine.
We would like to confirm if is it fine to install the Python3.9, will it not affect the QRadar SOAR platform.
What are the additional required packages that we need to install. 

Thank you.

------------------------------
Marc Lainez
------------------------------

Hi All,

Appreciate your reply on this, in addition do we need to uninstall the existing Python3.6 or we can just install the Python3.9. Then  the QRadar SOAR will handle it in the backend to use the Python3.9. Thank you.

------------------------------
Marc Lainez
------------------------------

Original Message:
Sent: Thu October 20, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All, 

We are planning to upgrade the QRadar SOAR platform from version v44.2.35 to 45.2.43.
Based on the documentation one of the update is in Integration server
- The minimum version of Python that is supported on the integration server is updated from 3.6.4 to 3.6.9. Python 3.9 is also supported.

Our Integration Server and QRadar SOAR are installed in same Virtual Machine. Currently the installed version of Python is 3.6 in the virtual machine.
We would like to confirm if is it fine to install the Python3.9, will it not affect the QRadar SOAR platform.
What are the additional required packages that we need to install. 

Thank you.

------------------------------
Marc Lainez
------------------------------

Hi Marc,

It's challenging (I don't know if it's even possible) to uninstall python 3.6 and install python 3.9 on the SOAR platform. My recommendation is to continue to use 3.6. It's true that 3.6 has come to its end of life and 3.9 is the preferred environment. But you should find the integration sever environment will still run on 3.6.

There are solutions like pyenv which allow you to install additional python environments without altering the system version. More work is needed to use pyenv with a service (managed by systemctl). But it could be possible to start a script which sets the correct python version in pyenv). 

Cheers,
Mark

------------------------------
Mark Scherfling
------------------------------

Original Message:
Sent: Sun October 23, 2022 11:30 PM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All,

Appreciate your reply on this, in addition do we need to uninstall the existing Python3.6 or we can just install the Python3.9. Then  the QRadar SOAR will handle it in the backend to use the Python3.9. Thank you.

------------------------------
Marc Lainez

Original Message:
Sent: Thu October 20, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All, 

We are planning to upgrade the QRadar SOAR platform from version v44.2.35 to 45.2.43.
Based on the documentation one of the update is in Integration server
- The minimum version of Python that is supported on the integration server is updated from 3.6.4 to 3.6.9. Python 3.9 is also supported.

Our Integration Server and QRadar SOAR are installed in same Virtual Machine. Currently the installed version of Python is 3.6 in the virtual machine.
We would like to confirm if is it fine to install the Python3.9, will it not affect the QRadar SOAR platform.
What are the additional required packages that we need to install. 

Thank you.

------------------------------
Marc Lainez
------------------------------

Hi Marc,

On a default OVA, logged in as resadmin the command python -V returns Python 2.7.18. This is the base version that SOAR requires. There are plans to increase the version.

It seems that at some point you have installed Python 3.6 on the same server. IBM does not provide steps to do that because we have long recommended that clients use a separate integration server.

I would use this as a time to move from the same server to a separate integration server where you can be sure that any changes you make will not affect SOAR. As Mark said, you could consider using virtual or pyenv to create separate running instances of Resilient Circuits with whatever version of Python you wish. There are discussions in the community relating to virtualenv and pyenv you might find interesting not to mention a plethora of documentation on line.

If versions of Python is a concern then you should consider deploying an App Host which would remove this kind of concern.

------------------------------
BEN WILLIAMS
------------------------------

Original Message:
Sent: Mon October 24, 2022 05:03 PM
From: Mark Scherfling
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi Marc,

It's challenging (I don't know if it's even possible) to uninstall python 3.6 and install python 3.9 on the SOAR platform. My recommendation is to continue to use 3.6. It's true that 3.6 has come to its end of life and 3.9 is the preferred environment. But you should find the integration sever environment will still run on 3.6.

There are solutions like pyenv which allow you to install additional python environments without altering the system version. More work is needed to use pyenv with a service (managed by systemctl). But it could be possible to start a script which sets the correct python version in pyenv). 

Cheers,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Sun October 23, 2022 11:30 PM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All,

Appreciate your reply on this, in addition do we need to uninstall the existing Python3.6 or we can just install the Python3.9. Then  the QRadar SOAR will handle it in the backend to use the Python3.9. Thank you.

------------------------------
Marc Lainez

Original Message:
Sent: Thu October 20, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All, 

We are planning to upgrade the QRadar SOAR platform from version v44.2.35 to 45.2.43.
Based on the documentation one of the update is in Integration server
- The minimum version of Python that is supported on the integration server is updated from 3.6.4 to 3.6.9. Python 3.9 is also supported.

Our Integration Server and QRadar SOAR are installed in same Virtual Machine. Currently the installed version of Python is 3.6 in the virtual machine.
We would like to confirm if is it fine to install the Python3.9, will it not affect the QRadar SOAR platform.
What are the additional required packages that we need to install. 

Thank you.

------------------------------
Marc Lainez
------------------------------

Hello @BEN WILLIAMS, @Mark Scherfling,

Thank you so much for your suggestions​, maybe we will look for virtual environment due to provisioning of new server is not feasible for now because it involve cost. Have some follow up question, if I will install python3.9(not removing python3.6) it will not affect the SOAR platform right? The SOAR is not dependent to the version of Python because it is java based application? Our setup is Bring Your Own RedHat we install SOAR platform and integration in Azure VM.

​​

------------------------------
Marc Lainez
------------------------------

Original Message:
Sent: Tue October 25, 2022 02:46 AM
From: BEN WILLIAMS
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi Marc,

On a default OVA, logged in as resadmin the command python -V returns Python 2.7.18. This is the base version that SOAR requires. There are plans to increase the version.

It seems that at some point you have installed Python 3.6 on the same server. IBM does not provide steps to do that because we have long recommended that clients use a separate integration server.

I would use this as a time to move from the same server to a separate integration server where you can be sure that any changes you make will not affect SOAR. As Mark said, you could consider using virtual or pyenv to create separate running instances of Resilient Circuits with whatever version of Python you wish. There are discussions in the community relating to virtualenv and pyenv you might find interesting not to mention a plethora of documentation on line.

If versions of Python is a concern then you should consider deploying an App Host which would remove this kind of concern.

------------------------------
BEN WILLIAMS

Original Message:
Sent: Mon October 24, 2022 05:03 PM
From: Mark Scherfling
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi Marc,

It's challenging (I don't know if it's even possible) to uninstall python 3.6 and install python 3.9 on the SOAR platform. My recommendation is to continue to use 3.6. It's true that 3.6 has come to its end of life and 3.9 is the preferred environment. But you should find the integration sever environment will still run on 3.6.

There are solutions like pyenv which allow you to install additional python environments without altering the system version. More work is needed to use pyenv with a service (managed by systemctl). But it could be possible to start a script which sets the correct python version in pyenv). 

Cheers,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Sun October 23, 2022 11:30 PM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All,

Appreciate your reply on this, in addition do we need to uninstall the existing Python3.6 or we can just install the Python3.9. Then  the QRadar SOAR will handle it in the backend to use the Python3.9. Thank you.

------------------------------
Marc Lainez

Original Message:
Sent: Thu October 20, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All, 

We are planning to upgrade the QRadar SOAR platform from version v44.2.35 to 45.2.43.
Based on the documentation one of the update is in Integration server
- The minimum version of Python that is supported on the integration server is updated from 3.6.4 to 3.6.9. Python 3.9 is also supported.

Our Integration Server and QRadar SOAR are installed in same Virtual Machine. Currently the installed version of Python is 3.6 in the virtual machine.
We would like to confirm if is it fine to install the Python3.9, will it not affect the QRadar SOAR platform.
What are the additional required packages that we need to install. 

Thank you.

------------------------------
Marc Lainez
------------------------------

Hello Ben,

Will also check the app host, it can be installed in the same machine of SOAR platform right? Thanks

------------------------------
Marc Lainez
------------------------------

Original Message:
Sent: Wed October 26, 2022 11:34 PM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hello @BEN WILLIAMS, @Mark Scherfling,

Thank you so much for your suggestions​, maybe we will look for virtual environment due to provisioning of new server is not feasible for now because it involve cost. Have some follow up question, if I will install python3.9(not removing python3.6) it will not affect the SOAR platform right? The SOAR is not dependent to the version of Python because it is java based application? Our setup is Bring Your Own RedHat we install SOAR platform and integration in Azure VM.

​​

------------------------------
Marc Lainez

Original Message:
Sent: Tue October 25, 2022 02:46 AM
From: BEN WILLIAMS
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi Marc,

On a default OVA, logged in as resadmin the command python -V returns Python 2.7.18. This is the base version that SOAR requires. There are plans to increase the version.

It seems that at some point you have installed Python 3.6 on the same server. IBM does not provide steps to do that because we have long recommended that clients use a separate integration server.

I would use this as a time to move from the same server to a separate integration server where you can be sure that any changes you make will not affect SOAR. As Mark said, you could consider using virtual or pyenv to create separate running instances of Resilient Circuits with whatever version of Python you wish. There are discussions in the community relating to virtualenv and pyenv you might find interesting not to mention a plethora of documentation on line.

If versions of Python is a concern then you should consider deploying an App Host which would remove this kind of concern.

------------------------------
BEN WILLIAMS

Original Message:
Sent: Mon October 24, 2022 05:03 PM
From: Mark Scherfling
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi Marc,

It's challenging (I don't know if it's even possible) to uninstall python 3.6 and install python 3.9 on the SOAR platform. My recommendation is to continue to use 3.6. It's true that 3.6 has come to its end of life and 3.9 is the preferred environment. But you should find the integration sever environment will still run on 3.6.

There are solutions like pyenv which allow you to install additional python environments without altering the system version. More work is needed to use pyenv with a service (managed by systemctl). But it could be possible to start a script which sets the correct python version in pyenv). 

Cheers,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Sun October 23, 2022 11:30 PM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All,

Appreciate your reply on this, in addition do we need to uninstall the existing Python3.6 or we can just install the Python3.9. Then  the QRadar SOAR will handle it in the backend to use the Python3.9. Thank you.

------------------------------
Marc Lainez

Original Message:
Sent: Thu October 20, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All, 

We are planning to upgrade the QRadar SOAR platform from version v44.2.35 to 45.2.43.
Based on the documentation one of the update is in Integration server
- The minimum version of Python that is supported on the integration server is updated from 3.6.4 to 3.6.9. Python 3.9 is also supported.

Our Integration Server and QRadar SOAR are installed in same Virtual Machine. Currently the installed version of Python is 3.6 in the virtual machine.
We would like to confirm if is it fine to install the Python3.9, will it not affect the QRadar SOAR platform.
What are the additional required packages that we need to install. 

Thank you.

------------------------------
Marc Lainez
------------------------------

Hello Mark,

If is it right, if I will use the pyenv I should reinstall the resilient circuit? Thanks

------------------------------
Marc Lainez
------------------------------

Original Message:
Sent: Mon October 24, 2022 05:03 PM
From: Mark Scherfling
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi Marc,

It's challenging (I don't know if it's even possible) to uninstall python 3.6 and install python 3.9 on the SOAR platform. My recommendation is to continue to use 3.6. It's true that 3.6 has come to its end of life and 3.9 is the preferred environment. But you should find the integration sever environment will still run on 3.6.

There are solutions like pyenv which allow you to install additional python environments without altering the system version. More work is needed to use pyenv with a service (managed by systemctl). But it could be possible to start a script which sets the correct python version in pyenv). 

Cheers,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Sun October 23, 2022 11:30 PM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All,

Appreciate your reply on this, in addition do we need to uninstall the existing Python3.6 or we can just install the Python3.9. Then  the QRadar SOAR will handle it in the backend to use the Python3.9. Thank you.

------------------------------
Marc Lainez

Original Message:
Sent: Thu October 20, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All, 

We are planning to upgrade the QRadar SOAR platform from version v44.2.35 to 45.2.43.
Based on the documentation one of the update is in Integration server
- The minimum version of Python that is supported on the integration server is updated from 3.6.4 to 3.6.9. Python 3.9 is also supported.

Our Integration Server and QRadar SOAR are installed in same Virtual Machine. Currently the installed version of Python is 3.6 in the virtual machine.
We would like to confirm if is it fine to install the Python3.9, will it not affect the QRadar SOAR platform.
What are the additional required packages that we need to install. 

Thank you.

------------------------------
Marc Lainez
------------------------------

Hi Marc,

The SOAR appliance is not dependent on the RHEL OS Python version. Using pyenv is the easiest way to add additional versions of Python without effecting the RHEL version. Once your pyenv environment is set, reinstalling the Python packages for resilient-circuits and your apps would be required. 

On a final note, unfortunately, adding App Host (now Edge Gateway) to the SOAR RHEL platform is not supported. 

Regards,
Mark

------------------------------
Mark Scherfling
------------------------------

Original Message:
Sent: Thu October 27, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hello Mark,

If is it right, if I will use the pyenv I should reinstall the resilient circuit? Thanks

------------------------------
Marc Lainez

Original Message:
Sent: Mon October 24, 2022 05:03 PM
From: Mark Scherfling
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi Marc,

It's challenging (I don't know if it's even possible) to uninstall python 3.6 and install python 3.9 on the SOAR platform. My recommendation is to continue to use 3.6. It's true that 3.6 has come to its end of life and 3.9 is the preferred environment. But you should find the integration sever environment will still run on 3.6.

There are solutions like pyenv which allow you to install additional python environments without altering the system version. More work is needed to use pyenv with a service (managed by systemctl). But it could be possible to start a script which sets the correct python version in pyenv). 

Cheers,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Sun October 23, 2022 11:30 PM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All,

Appreciate your reply on this, in addition do we need to uninstall the existing Python3.6 or we can just install the Python3.9. Then  the QRadar SOAR will handle it in the backend to use the Python3.9. Thank you.

------------------------------
Marc Lainez

Original Message:
Sent: Thu October 20, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All, 

We are planning to upgrade the QRadar SOAR platform from version v44.2.35 to 45.2.43.
Based on the documentation one of the update is in Integration server
- The minimum version of Python that is supported on the integration server is updated from 3.6.4 to 3.6.9. Python 3.9 is also supported.

Our Integration Server and QRadar SOAR are installed in same Virtual Machine. Currently the installed version of Python is 3.6 in the virtual machine.
We would like to confirm if is it fine to install the Python3.9, will it not affect the QRadar SOAR platform.
What are the additional required packages that we need to install. 

Thank you.

------------------------------
Marc Lainez
------------------------------

Hello Mark,

This is noted, thank you so much for your help

------------------------------
Marc Lainez
------------------------------

Original Message:
Sent: Thu October 27, 2022 08:21 AM
From: Mark Scherfling
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi Marc,

The SOAR appliance is not dependent on the RHEL OS Python version. Using pyenv is the easiest way to add additional versions of Python without effecting the RHEL version. Once your pyenv environment is set, reinstalling the Python packages for resilient-circuits and your apps would be required. 

On a final note, unfortunately, adding App Host (now Edge Gateway) to the SOAR RHEL platform is not supported. 

Regards,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Thu October 27, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hello Mark,

If is it right, if I will use the pyenv I should reinstall the resilient circuit? Thanks

------------------------------
Marc Lainez

Original Message:
Sent: Mon October 24, 2022 05:03 PM
From: Mark Scherfling
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi Marc,

It's challenging (I don't know if it's even possible) to uninstall python 3.6 and install python 3.9 on the SOAR platform. My recommendation is to continue to use 3.6. It's true that 3.6 has come to its end of life and 3.9 is the preferred environment. But you should find the integration sever environment will still run on 3.6.

There are solutions like pyenv which allow you to install additional python environments without altering the system version. More work is needed to use pyenv with a service (managed by systemctl). But it could be possible to start a script which sets the correct python version in pyenv). 

Cheers,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Sun October 23, 2022 11:30 PM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All,

Appreciate your reply on this, in addition do we need to uninstall the existing Python3.6 or we can just install the Python3.9. Then  the QRadar SOAR will handle it in the backend to use the Python3.9. Thank you.

------------------------------
Marc Lainez

Original Message:
Sent: Thu October 20, 2022 01:46 AM
From: Marc Lainez
Subject: QRadar SOAR upgrade v44.2.35 to 45.2.43 with Python3.9

Hi All, 

We are planning to upgrade the QRadar SOAR platform from version v44.2.35 to 45.2.43.
Based on the documentation one of the update is in Integration server
- The minimum version of Python that is supported on the integration server is updated from 3.6.4 to 3.6.9. Python 3.9 is also supported.

Our Integration Server and QRadar SOAR are installed in same Virtual Machine. Currently the installed version of Python is 3.6 in the virtual machine.
We would like to confirm if is it fine to install the Python3.9, will it not affect the QRadar SOAR platform.
What are the additional required packages that we need to install. 

Thank you.

------------------------------
Marc Lainez
------------------------------