Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Upgrading QRadar Use Case Manager

 

To take advantage of new capabilities, defect fixes, and updated workflows, upgrade to new versions of the QRadar Use Case Manager app. Use either the Extensions Management tool in QRadar or the QRadar Assistant app to upgrade the app.

You must have an IBM ID to access the IBM Security App Exchange. If you don't have an ID, you can create one by clicking Create IBM ID on the upper right of the IBM Security App Exchange login page.

In QRadar Use Case Manager 2.3.0 or later, the Cyber Adversary Framework Mapping app is no longer required. QRadar Use Case Manager detects the presence of the Cyber Adversary Framework Mapping app and prompts you to uninstall the app on the configuration page. QRadar Use Case Manager gathers any existing mappings from the Cyber Adversary Framework Mapping app during installation. If you continue to use the Cyber Adversary Framework Mapping app to edit MITRE mappings, any new or updated mappings are not added to QRadar Use Case Manager and the data becomes out of sync. If this happens, you must manually export and import the mappings into QRadar Use Case Manager.

  1. If the QRadar Assistant app is configured on QRadar, use the following instructions to install QRadar Use Case Manager: QRadar Assistant app.
  2. If the QRadar Assistant app is not configured, download the QRadar Use Case Manager app archive from the IBM Security App Exchange.

    1. On the Admin tab, click Extension Management.

    2. In the Extension Management page, click Add and select the app archive that you want to upload to the console.

    3. Select the Install immediately checkbox.

      Note

      You might have to wait several minutes before your app becomes active. When the installation is complete, clear your browser cache and refresh the browser window before you use the app.

  3. On the page that prompts you to update the current app version, leave the Replace existing items option selected, and click Install.
  4. After the installation is complete, go to Admin >Apps >QRadar Use Case Manager >Configuration.
  5. On the Configuration page, click Uninstall to remove the Cyber Adversary Framework Mapping app from your environment.

    All of your previous MITRE-mappings are preserved.

  6. After the Cyber Adversary Framework Mapping app is removed, export your MITRE mappings as a backup copy, in case you delete QRadar Use Case Manager later. If you uninstall QRadar Use Case Manager later, all of the mappings are deleted from your environment.

Related Documentation