QRadar® EDR Agent Release Notes
The release notes provide information on new product features, improvements, known issues, and bug fixes. For comprehensive details and guidance, please carefully review the notes below and refer to the QRadar EDR Agent documentation to avoid configuration difficulties.
macOS
- macOS agent 1.1.0
- Added a pre-execution block for hash-based blocklisted policies, blocking the process at the kernel level before execution.
- Added support for YARA rules in DeStra policies.
- New event support for macOS Ventura and macOS Sonoma: File Created, File Read, File Written, File Renamed, and File Deleted.
- Added support for sub-technique ID in MITRE ATT&CK framework events.
- Fixed bug where the file name field was missing in certain event data.
- Renamed the agent to IBM Security QRadar EDR (previously IBM Security ReaQta).
- Important: For agents older than macOS agent 1.0.1, upgrade to macOS agent 1.0.1 before updating to macOS agent 1.1.0 to prevent update failures.
Windows
- Windows agent 3.11.6
- Added new events in DeStra engine: File Created, File Read, File Written, File Renamed, Registry Value Set, Registry Entry Deleted, and Kerberos Pre-Auth Failed.
- Added sub-technique ID support in MITRE ATT&CK framework events.
- Windows 11 version reporting in endpoint details.
- Migrated certain MITRE ATT&CK event rules to new DeStra policies.
- Resolved security vulnerabilities.
- Fixed IPv6 target isolation bug in endpoint isolation. For details, see DT381580.
- Important: Ensure continued MITRE ATT&CK coverage by enabling new DeStra policies. Enable them on the DeStra page globally or by endpoint group.
Linux
- Linux agent 0.81.0
- Added Executable Dropped event support.
- Added sub-technique ID in MITRE ATT&CK framework events.
- Integrated YARA rules in DeStra policies.
- Simplified endpoint installation with kernel module; KMOD_IGNORE_TAINT no longer needed.
- Enhanced driver preparation and event reports for user authentication and user detail resolution.
Additional Information
For a deeper dive into all the new features, updates, and enhancements in both the latest and previous releases of the IBM QRadar EDR agent, we encourage you to consult the official IBM Security® QRadar® EDR documentation. There, you'll find detailed guidance on implementing the new DeStra policies, configuring updated agent settings, understanding expanded MITRE ATT&CK integrations, and exploring features from earlier versions.