page-brochureware.php

Authorized Program Analysis Reports

QRadar information related to known issues and problem resolutions.

What are APARs?

QRadar uses Authorized Program Analysis Reports (APARs) to track issues reported by users. These problem reports include the status of the issue for the end user, either as an OPEN or CLOSED problem. This page is intended to help users locate known issues who have not yet subscribed to IBM My Notifications or to view alerts on APARs that QRadar Support feels are important.

Searching the APAR table

We created a table to make APARs more searchable for users and administrators. The search field in the table below allows you to search for specific versions or keywords. Administrators who want to filter by a specific version can type in their version, such as 7.3.2, 7.3.1 Patch 5, or terms like WinCollect to search the table for issues. Common search terms (not case sensitive):

  • 7.3.2
  • Search, reports, app framework, wincollect, rules, offenses
  • Combination of keyword and status: wincollect open
  • “7.3.1 Patch 8” offenses
  • “7.3.2 Interim Fix 01” API
  • “7.3.2 Patch 1”

This APAR list is manually updated weekly as APARs are released. Last update April 15, 2019.
Component Number Description Status More information Date
OFFENSE SEARCH – ASSIGNED TO USER IJ11954 ASSIGNING USERNAME THAT CONTAINS @ CHARACTER TO THE PARAMETER “ASSIGNED TO USER” IN OFFENSE SEARCH RESETS TO DEFAULT (ALL) CLOSED Resolved in QRadar 7.3.2 Patch 1 31 December 2018
QVM – SCAN EXPORTS IJ10677 IN QRADAR VULNERABILITY MANAGER, SCAN RESULT EXPORTS CAN BE MISSING SOME VULNERABILITY DATA CLOSED Resolved in QRadar 7.3.2 Patch 1 23 October 2018
QVM – SCAN PROFILE IJ10592 IN QRADAR VULNERABILITY MANAGER SCAN PROFILES, VULNERABILITY SCAN DAYS ARE DISPLAYED DIFFERENTLY THAN CONFIGURED CLOSED Resolved in QRadar 7.3.2 Patch 1 22 October 2018
QUICK SEARCH IV91635 QUICK SEARCHES CANNOT BE REMOVED FROM THE QUICK SEARCH LIST CLOSED Resolved in QRadar 7.3.1 Patch 3 and QRadar 7.3.2 Patch 1 4 April 2018
INSTALL IJ01116 QRADAR 7.3.0 DURING INSTALLATION, MAY NOT ALLOW ROOT PASSWORD TO USE SPECIAL CHARACTERS CLOSED Resolved in QRadar 7.3.2 Patch 1 26 April 2018
UPGRADE IJ14473 ‘DETECT CONFLICTING HOSTNAMES ON SYSTEM’ FAILED.” DURING QRADAR PATCHING CLOSED Resolved in QRadar 7.3.2 Patch 1 09 January 2019
AQL – ASSETHOSTNAME IJ12225 AQL QUERIES FOR ASSETHOSTNAME RETURN PREVIOUS HOSTNAME INSTEAD OF CURRENT HOSTNAME TRANSITIONING TO CLOSED, OPEN FOR 7.3.1 VERSIONS Resolved in QRadar 7.3.2 Patch 1 09 January 2019
ASSET TAB – DELETE ASSET IJ13341 ‘APPLICATION ERROR’ CAN OCCUR WHEN DELETING AN ASSET IN PENDING STATE CLOSED Resolved in QRadar 7.3.2 Patch 1 13 February 2019
API / APP PERFORMANCE IJ14947 QRADAR USER INTERFACE CAN BECOME UNRESPONSIVE DUE TO TOMCAT RUNNING OUT OF OPEN FILE HANDLES CLOSED Resolved in QRadar 7.3.2 Interim Fix 01 and QRadar 7.3.2 Patch 1 22 March 2019
OFFENSE SEARCH IV92376 ASSIGNING USERNAME THAT CONTAINS @ CHARACTER TO THE PARAMETER “ASSIGNED TO USER” IN OFFENSE SEARCH RESETS TO DEFAULT (ALL) CLOSED Resolved in QRadar 7.3.1 Patch 8 31 December 2018
SERVICES IJ13340 EVENTS CAN SOMETIMES BE DROPPED DUE TO A CONNECTION ISSUE BETWEEN ECS-EC-INGRESS AND TCP_TO_EC QUEUE CLOSED Resolved in QRadar 7.3.1 Patch 8 21 February 2019
VULNERABILITY SEARCH IJ13324 ‘APPLICATION ERROR’ IS GENERATED WHEN SOME SPECIAL CHARACTERS ARE ENTERED INTO A “MY ASSIGNED VULNERABILITIES” SEARCH CLOSED Resolved in QRadar 7.3.1 Patch 8 11 February 2019
OFFENSE STATUS IJ12883 SIM RESET CAUSING OFFENSES TO BECOME INACTIVE CAN SOMETIMES OCCUR WHEN MULTIPLE DEPLOY FUNCTIONS ARE PERFORMED CLOSED Resolved in QRadar 7.3.1 Patch 8 28 January 2019
FIREWALL RULE COUNTS IJ12122 QRADAR RISK MANAGER – COUNTING FAILS FOR NON-CISCO FIREWALLS WHERE EVENTS HAVE NO ASSOCIATED RULE ID CLOSED Resolved in QRadar 7.3.1 Patch 8 17 December 2018
NETWORK INTERFACE IJ12108 NAPATECH SERVICE CAN FAIL WITH ‘ADAPTER 0: ERROR DETECTED ON BONDING INTERFACE. NIF LBW ERROR = 0X4’ IN MESSAGES CLOSED Resolved in QRadar 7.3.2 and QRadar 7.3.1 Patch 8 31 December 2018
SERVICES / GEOGRAPHIC DATA IJ12107 EXCEPTION THROWN AFTER MAXMIND DATABASE IS UPDATED CAN CAUSE MULTIPLE QRADAR PROCESSING ISSUES CLOSED Resolved in QRadar 7.3.1 Patch 8 28 January 2019
FORWARDING / ROUTING RULES IJ12098 FORWARDING EVENTS WITH LARGE PAYLOADS CAN CAUSE A MESSAGESIZEEXCEPTION ON THE TARGET APPLIANCE CLOSED Resolved in QRadar 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 31 December 2018
VULNERABILTY SCAN IJ11978 QRADAR VULNERABILITY MANAGER – VULNERABILITY SCAN RESULTS ONLY GENERATE FOR ONE INSTANCE OF A SERVICE RUNNING ON MORE THAN ONE PORT CLOSED Resolved in QRadar 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 10 December 2018
ASSET SEARCH IJ11922 ADDITIONAL FILTERS CANNOT BE ADDED TO A LOADED ASSET SAVED SEARCH CLOSED Resolved in QRadar 7.3.1 Patch 8 31 December 2018
SERVICES IJ11494 QRADAR NETWORK INSIGHTS (QNI) DECAPPER ‘OUT OF MEMORY’ INSTANCES CAUSED BY ‘MYSPACE’ INSPECTOR CLOSED Resolved in QRadar 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 30 November 2018
LOG SOURCE INTERFACE IJ11493 LOG SOURCE WINDOW CAN TAKE MINUTES TO LOAD DUE TO THREAD LOCK CLOSED Resolved in QRadar 7.3.1 Patch 8 27 November 2018
REFERENCE DATA IJ11490 REFERENCE SET IS NOT PURGED AFTER TIME TO LIVE EXPIRES WHEN ‘DO NOT LOG ELEMENTS’ IS SELECTED AT CREATION CLOSED Resolved in QRadar 7.3.1 Patch 8 30 November 2018
LOG SOURCE – ORACLE IJ11423 ORACLE LOG SOURCES CAN DISPLAY AS STATUS ‘SUCCESS’ BUT ARE NOT REPORTING (ORAI18N-10.2.0.JAR REMOVAL) CLOSED Resolved in QRadar 7.3.1 Patch 8 31 December 2018
DASHBOARD – VULNERABILITY SEARCH IJ11242 DASHBOARDS USING A SAVED VULNERABILITY SEARCH CONTAINING A REFERENCE SET CAN SOMETIMES BE BLANK CLOSED Resolved in QRadar 7.3.1 Patch 8 19 November 2018
EXPORT – CSV IJ11204 QRADAR VULNERABILITY MANAGER – COUNTS AND RESULTS CAN BE INCONSISTENT AND DO NOT MATCH CSV EXPORTS CLOSED Resolved in QRadar 7.3.1 Patch 8 13 November 2018
TUNNELS – ENCRYPTION IJ11168 QRADAR INCIDENT FORENSICS – ENCRYPTED INCIDENT FORENSICS APPLIANCES ARE MISSING THE REQUIRED HTTPS TUNNEL CONFIGURATION CLOSED Resolved in QRadar 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 30 November 2018
HIGH-AVAILABILITY (HA) – APP FRAMEWORK IJ11030 QRADAR APPS CAN FAIL TO LOAD AFTER FAILOVER TO SECONDARY CLOSED Resolved in QRadar 7.3.1 Patch 8 27 November 2018
QFLOW IJ10867 FLOWS CAN APPEAR WITH EQUAL SOURCE AND DESTINATION BYTESAND PACKETS FOR IANA INFORMATION ELEMENTS 23 AND 240 CLOSED Resolved in QRadar 7.3.2 and Resolved in 7.3.1 Patch 8 11 February 2019
USER ROLES – RIGHT-CLICK IJ10829 ENHANCED RIGHT-CLICK MENU IS ENABLED FOR USERS WITHOUT ‘IP RIGHT CLICK MENU EXTENTIONS’ PERMISSION CLOSED Resolved in QRadar 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 31 December 2018
FLOWS IJ10747 NETFLOW V9 AND IPFIX TCP FLAGS ARE MISSING OR INCORRECT WHEN A SINGLE BYTE ENCODING IS USED CLOSED Resolved in 7.3.1 Patch 8 1 November 2018
OFFENSE – PERFORMANCE IJ10694 OFFENSE PAGES IN THE QRADAR USER INTERFACE CAN BE SLOW TO LOAD WHEN LARGE NETWORK HIERARCHIES EXIST CLOSED Resolved in QRadar 7.3.1 Patch 8 15 November 2018
REPORTS IJ10645 REPORTS GENERATED BASED ON A SAVED SEARCH DISPLAY ‘OTHER’ IN THE ‘DESTINATION NETWORK’ FIELD CLOSED Resolved in 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 01 November 2018
OFFENSE – PERFORMANCE IJ10622 OFFENSES TAB CAN BE SLOW TO LOAD THE USER INTERFACE WHEN HISTORICAL CORRELATION PROFILES EXIST CLOSED Resolved inQRadar 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 01 November 2018
REPORTS IJ10609 “NO DATA FOR CHART” IN TIMESERIES REPORT WHEN ‘TIME’ VARIABLE IS THE HORIZONTAL AXIS CLOSED Resolved in QRadar 7.3.1 Patch 8 02 November 2018
API – /SIEM/OFFENSES IJ10603 API CALLS TO THE OFFENSE MODEL FOR SOURCE_ADDRESSES/ID AND LOCAL_DESTINATION_ADDRESSES/ID CAN TAKE TOO LONG CLOSED Resolved in QRadar 7.3.1 Patch 8 01 November 2018
OFFENSE SEARCH IJ10580 CONVERTING FROM LOG MANAGER TO SIEM RESETS DATA RETENTION SETTINGS TO DEFAULT – DATA LOSS CAN OCCUR CLOSED Resolved in QRadar 7.3.1 Patch 8 15 November 2018
ADMIN – ASSET PROFILES IJ10402 ‘AN ERROR HAS OCCURRED. REFRESH YOUR BROWSER (PRES F5)’ WHEN ACCESSING THE ‘ASSET PROFILER CONFIGURATION’ INTERFACE FROM THE ADMIN TAB CLOSED Resolved in 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 31 October 2018
RULES – SUPERFLOWS IJ10372 [CUSTOM CRE] SUPERFLOWS DO NOT COUNT TOWARDS DOUBLE MATCH COUNT RULES CLOSED Resolved in 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 12 October 2018
SEARCH – NETWORK ACTIVITY IJ10110 ‘THE SERVER ENCOUNTERED AN ERROR READING ON OR MORE FILES’ WHEN PERFORMING A NETWORK ACTIVITY SEARCH AFTER UPGRADE CLOSED Resolved in QRadar 7.3.1 Patch 8 07 October 2018
NETWORK HIERARCHY IJ09228 ‘AN ERROR OCCURRED STRING INDEX OUT OF RANGE’ WHEN EXPANDING OR COLLAPSING NETWORK HIERARCHY CLOSED Resolved in QRadar 7.3.1 Patch 8 16 October 2018
SERVICES – FLOW PROCESSORS IJ09226 [EC] FLOW PROCESSORS (17XX) WITH MANY CONNECTED FLOW COLLECTOR (12XX/13XX) APPLIANCES CAN RUNOUT OF OPEN FILE HANDLES FOR THE ECS-EC PROCESS CLOSED Resolved in QRadar 7.3.1 Patch 8 03 October 2018
OFFENSES TAB – DISPLAY IJ09219 UNABLE TO VIEW OFFENSE ‘CATEGORY NAME’ COLUMN DATA AND ‘NETWORK’ COLUMN DATA IN ASSOCIATED OFFENSES TAB VIEWS CLOSED Resolved in QRadar 7.3.1 Patch 8 15 October 2018
ASSET TAB – DISPLAY IJ09053 SOME FIELD DETAILS THAT ARE DISPLAYED IN THE ASSET SUMMARY WINDOW ARE NOT DISPLAYED IN THE ASSET TABLE WINDOW CLOSED Resolved in QRadar 7.3.1 Patch 8 and QRadar 7.3.2 Patch 1 16 October 2018
SERVICES / GEOGRAPHIC DATA IJ09018 CRE PROCESSOR THREADS CAN DIE WHEN THE MAXMIND DATABASE IS UPDATED VIA AUTO UPDATE CLOSED Resolved in QRadar 7.3.1 Patch 8 and QRadar 7.3.2 13 December 2018
ADVANCED SEARCH (AQL) IJ08960 ADVANCED SEARCH (LOG ACTIVITY) CAN FAIL WHEN CALCULATING EPS AND SORTING ON EPS Closed as suggestion for future release. Thrown “ArithmeticException: divide by zero” is expected behaviour for this query. This behaviour is consistent with industry standard SQL engines. The workaround is to not divide by zero.
For AQL like:
( max(endTime) - min(startTime) )

change the query to:
( max(endTime) - min(startTime)  + 1)
18 December 2018
OFFENSES – DISPLAY IJ08399 THE OFFENSE SUMMARY PAGE CAN SOMETIMES TAKE LONGER THAN EXPECTED TO DISPLAY A SINGLE OFFENSE (60 SECONDS) CLOSED Resolved in QRadar 7.3.1 Patch 8 26 September 2018
APP NODE IJ03980 FAILED/UNRECOVERABLE APP NODE CANNOT BE REMOVED FROM QRADAR USER INTERFACE CLOSED Resolved in QRadar 7.3.1 Patch 8 25 May 2018
RULES – PERFORMANCE IJ06484 RULES CONTAINING TESTS AGAINST GEOGRAPHIC LOCATION CAN SOMETIMES CAUSE NEGATIVE CRE PIPELINE PERFORMANCE CLOSED Resolved in QRadar 7.3.1 Patch 8 18 May 2018
RULES – RESPONSE LIMITER IJ02748 ‘PLEASE ENTER A VALID OPTION PER INDEX’ MESSAGE DISPLAYED WHEN ATTEMPTING TO SET A RULE RESPONSE LIMITER ON AN OFFENSE CLOSED Resolved in QRadar 7.3.1 Patch 8 21 December 2017
HIGH-AVAILABILITY (HA) IJ02465 ISSUES CAN BE ENCOUNTERED AFTER PATCHING A HIGH AVAILABILITY PRIMARY HOST THAT WAS REBUILT USING HA RECOVERY PROCEDURE CLOSED Resolved in QRadar 7.3.1 Patch 8 13 December 2017
CSV EXPORT IJ02468 EXPORT TO CSV CONTAINING NUMBERS WITH A SPACE SEPARATOR CAN DISPLAY INCORRECTLY IN MICROSOFT EXCEL OPEN: Reported in 7.2.8 and 7.3.1 versions No workaround available. 13 December 2017
REFERNCE DATA IJ01874 ASSOCIATED RULES COUNT IN THE REFERENCE SET MANAGEMENT USER INTERFACE CAN APPEAR DIFFERENT THAN REFERENCE SET EDITOR SCREEN OPEN: Reported in 7.2.8 and 7.3.1 versions No workaround available. 18 January 2018
RULES IV93954 RULE TEST ‘WHEN AT LEAST [N] EVENTS ARE SEEN WITH THE SAME [PROPERTIES] IN [X] [MIN|HR|DAYS]’ NOT FIRING WHEN EXPECTED REOPENING: Reported in multiple QRadar versions. No workaround / Workaround / Resolved in X. 26 February 2019
PORT ORDER IJ13900 QRADAR NETWORK INSIGHTS: INCORRECT NETWORK PORT ORDER DISPLAYED IN ‘CONFIGURE QNI PORTS’ WINDOW COMPARED TO THE BACK OF THE QNI APPLIANCE OPEN: Reported in QRadar 7.3.1 and 7.3.2. No workaround available.
NOTE: Documentation updated to indicate the correct or expected port order for 1901, 1920 and 1920-C.
25 February 2019
DOMAIN MANAGEMENT IJ13244 EXCEPTION GENERATED IN QRADAR LOGGING WHEN CUSTOM EVENT PROPERTIES (CEP) ARE ADDED TO A DOMAIN OPEN: Reported in QRadar 7.3.2 No workaround available. Log keywords:
QRadar.saveDomain
com.q1labs.frameworks.session.SessionContext
[ERROR] leak(s) detected in session context
26 February 2019
CUSTOM ACTIONS IJ03208 CUSTOM ACTION PARAMETER SCRIPT ORDERING IS NOT HONORED CLOSED Resolved in QRadar 7.3.2 26 January 2018
DISK SPACE IJ12276 LUCENE INDEXES ARE NOT REMOVED BY ROUTINE QRADAR DISK MAINTENANCE TRANSITIONING TO CLOSED Resolved in QRadar 7.3.2 and QRadar 7.3.1 Patch 8 11 February 2019
NETWORK ACTIVITY SEARCH IJ10110 ‘THE SERVER ENCOUNTERED AN ERROR READING ON OR MORE FILES’ WHEN PERFORMING A NETWORK ACTIVITY SEARCH AFTER UPGRADE TRANSITIONING TO CLOSED No workaround available. 11 February 2019
NETWORK INTERFACE IJ12108 QRADAR NETWORK INSIGHTS – NAPATECH SERVICE CAN FAIL WITH ‘ADAPTER 0: ERROR DETECTED ON BONDING INTERFACE. NIF LBW ERROR = 0X4’ IN MESSAGES TRANSITIONING TO CLOSED Resolved in QRadar 7.3.2 11 December 2018
NETWORK INTERFACE – FIRMWARE IJ12105 QRADAR NETWORK INSIGHTS – NAPATECH3 SERVICE CAN FAIL ON NETWORK INSIGHTS APPLIANCES DUE TO FIRMWARE UPGRADE TEST SCRIPT TRANSITIONING TO CLOSED Resolved in QRadar 7.3.2 and QRadar 7.3.1 Patch 8 11 February 2019
NETWORK INTERFACE IJ11384 QRADAR NETWORK INSIGHTS – NAPATECH3 SERVICE CAN DIE WHEN MULTIPLE NETWORK INSIGHTS APPLIANCES ARE IN A STACKED CONFIGURATION TRANSITIONING TO CLOSED Resolved in QRadar 7.3.2 and QRadar 7.3.1 Patch 8 11 February 2019
FLOW DATA – NETFLOW / IPFIX IJ11163 NETFLOW V9 / IPFIX INITIATOR/RESPONDER OCTET/PACKET FIELD DATA IS NOT PROCESSED BY QRADAR CLOSED Resolved in QRadar 7.3.2 11 February 2019
USER INTERFACE / LOGIN IJ10166 USERS CANNOT LOG INTO QRADAR DUE TO THREAD DEADLOCK CLOSED This issue resolved in QRadar 7.3.1 Patch 7 and QRadar 7.3.1 Patch 6 Interim Fix 2. 29 November 2018
SEARCHES IJ10862 EXPORTED ASSET SEARCHES CONTAINING A NETWORK FILTER CAN GENERATE BLANK XML OR CSV FILES OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
REPORTS IJ05334 TABLE REPORT VALUE FORMATTING CAN DISPLAY INCORRECTLY FOR AQL AGGREGATED DATA CLOSED This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
FLOWS IJ08471 QRADAR NETWORK INSIGHTS CONTENT FLOWS ARE COUNTED AGAINST FLOW LICENSE WHEN THEY SHOULDN’T BE OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
UPGRADES IJ08432 BACKLEVEL JTDS JAR FILES IN QRADAR 7.3.1 CAN SOMETIMES CAUSE AN OUT OF MEMORY WITH ECS-EC-INGRESS PROCESS OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
OFFENSES IJ09017 OFFENSES NOT GENERATED WHEN USING A CUSTOM EVENT PROPERTY AS OFFENSE INDEX IN HISTORICAL CORRELATION OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
REPORTS IJ09036 AQL QUERY WITH AN AGGREGATE THAT IS RUN AGAINST A CURSOR THAT CONTAINS AN AGGREGATE FAILS WITH ‘GENRAL FAILURE’ OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
DASHBOARD IJ08228 CREATING AN AQL QUERY WITH A SUB-SELECT CAN CAUSE DASHBOARD TIMESERIES TO FAIL DUE TO THE GLOBAL VIEW CREATED CLOSED This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
FLOWS IJ11163 NETFLOW V9 / IPFIX INITIATOR/RESPONDER OCTET/PACKET FIELD DATA IS NOT PROCESSED BY QRADAR OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
FLOWS IJ10158 QRADAR NETWORK INSIGHTS (QNI) DECAPPER ‘OUT OF MEMORY’ INSTANCES CAUSED BY MULTIPLE INSPECTOR COMPONENTS OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
APPLIANCES IJ00712 A STANDBY HA MANAGED HOST REBUILT FROM THE RECOVERY IMAGE MAY NOT MERGE /STORE/TRANSIENT CORRECTLY CAUSING HA ISSUES OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
EVENTS IJ04898 GEOGRAPHIC COUNTRY/REGION INDEXING CAN CAUSE UNEXPECTED EVENT COLLECTION INTERRUPTION WHEN GEODATA UPDATES OCCUR OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
APPLIANCES IJ03438 /OPT/QRADAR/SUPPORT CAN RUN OUT OF FREE SPACE AFTER UPGRADE DUE TO A LARGE NUMBER OF FAILED REPLICATION FILES OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
OFFENSES IJ10545 OFFENSE SOURCE SUMMARY DISPLAYS INCORRECTLY FOR OFFENSES INDEXED ON REGEX CUSTOM PROPERTIES WITH FIELD TYPE “IP” OPEN (Transitioning to closed) Resolved in QRadar 7.3.1 Patch 7 and QRadar 7.2.8 Patch 14 29 November 2018
UPGRADES IJ10818 CHANGES MADE TO LOGROTATE IN QRADAR 7.3.1 PATCH 6 CAN CAUSE /VAR/LOG AND OR /OPT TO RUN OUT OF FREE SPACE OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
EVENTS IJ03211 HOSTCONTEXT SERVICES CAN FAIL TO START DURING A HIGH AVAILABILITY (HA) FAILOVER TO SECONDARY EP/FP APPLIAN OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
DATA IJ08827 HOSTCONTEXT STARTUP ON A MANAGED HOST CAN OCCUR PRIOR TO DATABASE VERIFICATION OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
DEVICES IV93144 QRADAR RISK MANAGER DEVICE BACKUPS CAN FAIL WHEN THERE IS AN EMPTY VALUE IN AN PROTOCOL CONFIGURATION ADDRESS SET OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
SCANS IV99512 CONCURRENT SCHEDULED SCANS THAT INCLUDE IP EXCLUSIONS CAN FAIL TO START AT THE SCHEDULED TIME CLOSED Resolved in QRadar 7.3.1 Patch 7 and QRadar 7.3.2 Patch 1 29 November 2018
SCANS IV91226 QVM SCAN CAN FAIL TO START/PROGRESS WHEN THERE ARE A LARGE NUMBER OF IP ADDRESS SCAN EXCLUSIONS DUE TO A POSTGRES EXCEPTION Transitioning to closed This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
REPORTS IJ09183 VULNERABILITY TRENDING REPORTS CAN SOMETIMES BE BLANK OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
SEARCHES IJ08226 CLICKING ‘VIEW IN BY’ IN A VULNERABILITY SEARCH DASHBOARD NAVIGATES TO INCORRECT QRADAR WINDOW OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
SCANS IJ07030 VULNERABILITY SCANS EXPERIENCE A DELAY PRIOR TO COMMENCING WHEN A HIGH NUMBER OF IP EXCLUSIONS ARE DEFINED CLOSED This issue resolved in QRadar 7.3.1 Patch 7 and QRadar 7.3.2 Patch 1 29 November 2018
SCANS IJ03246 QRADAR VULNERABILITY MANAGER – ALL SCHEDULED SCANS THAT RUN ON DECEMBER 1ST START AT MIDNIGHT NO MATTER WHAT TIME THEY ARE CONFIGURED TO START OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
DATA / RULES IJ10999 UPDATES TO REFERENCE DATA USING CUSTOM EVENT PROPERTIES (CEP) CAN CAUSE CEP AND RULES TO BE RELOADED/TMP CLOSED Resolved in QRadar 7.3.1 Patch 7 and QRadar 7.3.2 Patch 1 29 November 2018
OFFENSES IJ10070 QRADAR CAN STOP GENERATING OFFENSES DUE TO AN INCORRECT NULL CHECK OPEN (Transitioning to closed) This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
RULES IJ08227 CUSTOM RULE ENGINE DOES NOT USE LOG SOURCES CONTAINED IN ‘OTHER’ LOG SOURCE GROUP FOR FUNCTIONAL TEST PARAMETERS CLOSED This issue resolved in QRadar 7.3.1 Patch 7 29 November 2018
USER INTERFACE IJ10532 WINCOLLECT AGENT ‘LAST HEARTBEAT’ STATUS DISPLAYS AS “UNAVAILABLE” WHEN WORKING AS EXPECTED OPEN (Transitioning to closed) Resolved in QRadar 7.3.1 Patch 6 Interim Fix 2 and QRadar 7.3.1 Patch 7 29 November 2018
DEPLOYMENT IJ10514 QRADAR VULNERABILITY MANAGER DEPLOY FUNCTION STAYS AT "INITIATING DEPLOYMENT" AFTER A MANUAL OR AUTOMATIC AUTOUPDATE CLOSED This issue resolved in QRadar 7.3.1 Patch 6 Interim Fix 2 24 October 2018
FLOWS IJ08471 QRADAR NETWORK INSIGHTS CONTENT FLOWS ARE COUNTED AGAINST FLOW LICENSE WHEN THEY SHOULDN’T BE CLOSED This issue resolved in QRadar 7.3.1 Patch 6 Interim Fix 2 24 October 2018
FLOWS IJ08471 QRADAR NETWORK INSIGHTS CONTENT FLOWS ARE COUNTED AGAINST FLOW LICENSE WHEN THEY SHOULDN’T BE OCLOSED This issue resolved in QRadar 7.3.1 Patch 6 Interim Fix 1 9 October 2018
FLOWS IJ10158 QRADAR NETWORK INSIGHTS (QNI) DECAPPER ‘OUT OF MEMORY’ INSTANCES CAUSED BY MULTIPLE INSPECTOR COMPONENTS CLOSED This issue resolved in QRadar 7.3.1 Patch 6 Interim Fix 1 9 October 2018
UPGRADES IJ09572 PATCH/UPGRADE TO QRADAR 7.3.1 PATCH 6 CAN HANG FOR AN EXTENDED PERIOD OF TIME (HOURS) WITH VULN_MAP_ASSET_MV DOES NOT EXIST CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
DOMAINS IJ07713 QRADAR DOES NOT ALLOW ALL TOP LEVEL DOMAINS IN EMAIL ADDRESS DATA VALIDATION, CAN RETURN ‘EMAIL ADDRESS IS NOT VALID’ CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
USER INTERFACE IJ06980 DASHBOARDS AND/OR QUICK SEARCHES CAN DISAPPEAR AFTER MODIFICATIONS HAVE BEEN MADE TO USER SETTINGS CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SEARCHES IV54692 EVENT SEARCHES THAT FILTER BY THE EVENT PROCESSOR MIGHT DISPLAY UNEXPECTED GRAPH RESULTS CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
REPORTS IJ07276 RTF FORMATTED REPORTS CAN FAIL TO GENERATE WITH A NULLPOINTEREXCEPTION DISPLAYED IN THE LOGS CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SEARCHES IJ07123 INCONSISTENT RESULTS FOR ASSET SEARCHES ‘ASSETS WITH OPEN SERVICE = DNS’ VS ‘ASSETS WITH OPEN SERVICE = DOMAIN’ CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
REPORTS IJ06862 REPORT RUNNER OUT OF MEMORY CAN OCCUR WHILE ATTEMPTING TO GENERATE VERY LARGE TABLE CHART PDF REPORTS CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SEARCHES IJ06807 MODIFYING THE START TIME FOR A LOG ACTIVITY SEARCH CAUSES A BLANK UI WINDOW FOR SOME QRADAR USER LOCALES CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
ASSETS IJ05767 WHEN AN ASSET’S ‘GIVEN NAME’ IS SET ON THE ‘EDIT ASSET PROFILE’ WINDOW, IT CAN NO LONGER BE EDITED SUCCESSFULLY CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
ASSETS IJ05756 WHEN AN ASSET HAS A ‘GIVEN NAME’ ASSIGNED, ANY SUBSEQUENT ASSET NAME CHANGES DO NOT OCCUR IN ‘EDIT ASSET PROFILE’ WINDOW CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SEARCHES IJ00800 "HTTP ERROR 400" ERROR WHEN DRILLING DOWN INTO SEARCH RESULTS USING INTERNET EXPLORER 11 AND EDGE WEB BROWSER CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
OFFENSES IV90797 DISPLAYING OFFENSE COUNT BY CATEGORY AND/OR NETWORK DOES NOT RESPECT USER ACCOUNT DOMAIN CONFIGURATION CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
EVENTS IJ07456 EVENT DATA FROM SPILLOVER QUEUE CAN SOMETIMES FAIL TO PARSE WHEN PROCESSED BY THE REGULAR QRADAR PIPELINE CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
HOSTS IJ07127 QRADAR HOSTS CAN TAKE A LONGER THAN EXPECTED TIME TO RECONNECT AFTER A VPN CONNECTION RESET OR INTERRUPTION HAS OCCURRED CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
QUERIES IJ06633 SNMPD DAEMON CRASH OCCURS WHEN PERFORMING A WIDE QUERY CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
DATA IJ02816 APPLICATION DATA CONTINUES TO BE SENT TO THE ASSET MODEL AFTER DISABLING ‘CLIENT APPLICATION PROFILING’ CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
DASHBOARD IJ05151 DASHBOARD WIDGETS AND REPORTS CAN BE EMPTY AFTER A COMPLETED UPGRADE FROM 7.2.8P1+ TO 7.3.0+ OR 7.3.1+ CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
DATA IJ03225 DATA BACKUPS CAN TAKE LONGER THAN EXPECTED OR FAIL TO COMPLETE CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
EVENTS IJ02598 MISSING THE FILE /STORE/PERSISTENT_QUEUE/ECS-EC.ECS-EC CAUSES EVENT PROCESSING/STORAGE TO FAIL CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SERVICES IJ07138 QRADAR INCIDENT FORENSICS – PACKET CAPTURE FAILS DUE TO NAPATECH3 SERVICE FAILING TO START CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
FLOWS IJ08089 QFLOW PROCESS CAN FAIL ON A MANAGED HOST WHILE APPENDING MESSAGE TEXT SEQUENCE NUMBERS WHEN RECEIVING NETFLOW CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
RULES IJ04902 GEOGRAPHIC RULE TESTS CONTAINING COUNTRIES WITH SPACES IN THEIR NAMES (MULTIPLE WORDS) ARE NOT BEING MATCHED CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
USER INTERFACE IJ04174 APPS TABS CAN BE SLOW TO LOAD AND/OR OR FAIL TO LOAD IN THE USER INTERFACE DUE TO DOCKER FREE SPACE PROVISIONING CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
LOG SOURCES IV87195 SOME QRADAR CONFIGURATIONS CONTAINING A LARGE NUMBER OF LOG SOURCES CAN SOMETIMES EXPERIENCE PERFORMANCE DEGRADATION CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
DATA IJ06757 IMPORTED REFERENCE DATA DOES NOT EXPIRE AT ITS TIME TO LIVE WHEN THE REFERENCE DATA STRUCTURE IS IMPORTED USING CMT CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
DATABASE IJ04182 CONTENT MANAGEMENT TOOL CAN FAIL DURING THE IMPORT OF CUSTOM_ACTION TABLES CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
UPGRADES IV99773 QRADAR DEPLOY FUNCTION REQUIRED AFTER UPGRADE CAN FAIL IF THERE IS NOT ENOUGH FREE SPACE IN /TMP CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
UPGRADES IJ07254 BUILD OR REBUILD OF A DISCONNECTED HIGH AVAILABILITY (HA) SECONDARY APPLIANCE (500) FROM QRADAR 7.2.8P1 TO 7.3.1 CAN FAIL CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
LOGS IJ06866 LOG ROTATE NEEDS TO RUN MORE FREQUENTLY CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
QUERIES IJ06633 SNMPD DAEMON CRASH OCCURS WHEN PERFORMING A WIDE QUERY CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
APPLIANCES IJ06268 DBUS COMPONENT OF SYSTEMD CAN SOMETIMES ENTER A HUNG STATE CAUSING SOME RHEL COMMANDS TO FAIL TO RUN AS EXPECTED CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
UPGRADES IJ06082 QRADAR UPGRADE TO 7.3.1.X CAN FAIL DURING THE INSTALLATION PROCESSES INCLUDED WITHIN "34-POSTGRESQL-UPGRADE.SH" CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SEARCHES IJ06148 ‘THERE WAS AN ERROR DOWNLOADING THIS ITEM’ MESSAGE WHEN USING AN AQL SEARCH WITH TABLE, BAR, OR PIE CHARTS FOR A DASHBOARD CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
APPLIANCES IJ02752 RUNNING THE QFLOW_DTLS_CERT_SETUP.PY AS PART OF A QNI APPLIANCE SETUP CAN FAIL CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
BACKUP IJ06480 RISK MANAGER BACKUP PROCESS FAILS WHEN IT IS INSTALLED ON A QRADAR SOFTWARE INSTALL VS APPLIANCE INSTALL CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SIMULATIONS IJ06008 QRADAR RISK MANAGER SIMULATION CAN FAIL WITH ‘NO RESULTS’ IN THE SIMULATIONS SCREEN CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SEARCHES IJ06914 LEFT AND RIGHT KEYBOARD ARROW KEYS DO NOT RESPOND APPROPRIATELY WHILE BEING USED WITHIN SOME QRADAR SEARCH FIELDS CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
DEVICES IJ03313 QRADAR VULNERABILITY MANAGER – ‘APPLICATION ERROR’ WHEN PERFORMING A NORMALIZED DEVICE COMPARISON FOR A PALO ALTO DEVICE CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
LICENSES IJ01180 VULNERABILITY MANAGER ‘TRY IT OUT’ ICON IS STILL PRESENT AFTER APPLYING A PROPER VULNERABILITY MANAGER LICENSE CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
OFFENSES IV90797 DISPLAYING OFFENSE COUNT BY CATEGORY AND/OR NETWORK DOES NOT RESPECT USER ACCOUNT DOMAIN CONFIGURATION CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
EVENTS IJ07174 "(1026) INVALID DATA" WHEN ADDING COMMA SEPARATED IP ADDRESSES TO AN EVENT RULE CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
OFFENSES IJ06833 OFFENSES CAN HAVE AN INCORRECT START TIME THAT IS PRIOR TO THE OFFENSE CREATION TIME WHEN USING "MATCH COUNT" RULES CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
EVENTS IJ05592 NETWORK NAME AND EVENT ‘DIRECTION’ CAN BE DISPLAYED INCORRECTLY WHEN EVENTS CONTAIN IPV6 ADDRESSES CLOSED Resolved in QRadar 7.3.1 Patch 6 18 September 2018
USER INTERFACE IJ04928 HOVERING OVER AN IP ADDRESS DOES NOT SHOW THE NETWORK NAME IF THE COUNTRY FIELD IS NOT POPULATED IN NETWORK HIERARCHY CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
OFFENSES IJ08032 QRADAR USERS WITHOUT THE ‘MANAGE OFFENSE CLOSING’ USER ROLE OPTION SELECTED CAN CLOSE OFFENSES CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
AUTHENTICATION IJ07975 LDAP LOGIN CAN FAIL FOR USERS WITH INTERNAL OR OPERATIONAL ATTRIBUTES CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SERVICES IJ08436 PROCESS RUNNING OUT OF MEMORY DOES NOT CREATE SYSTEM.DMP FILE CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
SEARCHES IJ08828 NON-ADMIN USERS ARE UNABLE TO USE SEARCH FILTER ‘LOG SOURCE GROUP’, THE LIST DOES NOT LOAD CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
RULES IJ08845 /VAR/LOG/ FILLING WITH ‘COM.Q1LABS.CORE.AQL.XFORCEFUNCTIONS: [ERROR]’ MESSAGES CLOSED This issue resolved in QRadar 7.3.1 Patch 6 18 September 2018
REPORTS IJ08219 INCOMPLETE RESULTS IN REPORTS WHEN SELECTING ‘DAY OF THE WEEK’ TARGETED DATA SELECTION CONTAINER DETAILS OPEN Instead of selecting the day of the week under the Targeted Data Selection in the container details of the Report, if the day of the week parameter is included in the AQL query of the search, the completed report contains all the expected results for the day of the week specified in the AQL Query. 24 August 2018
APP FRAMEWORK IJ08034 USING THE STIG SCRIPTS ON A QRADAR CONSOLE CAN CAUSE THE APP FRAMEWORK TO FAIL OPEN Contact Support for a possible workaround 20 August 2018
VULNERABILITY SCAN IJ08038 OUTPOST24 VULNERABILITY SCAN STARTS AND THEN FAILS WITH NULLPOINTEREXCEPTION IN QRADAR.LOG OPEN No workaround available. 14 August 2018
APP FRAMEWORK IJ08092 ZOOKEEPER CAN FAIL TO START WHEN ZERO-LENGTH FILES ARE PRESENT IN LOGS DIRECTORY CAUSING MICROSERVICES INSTALLATION TO FAIL OPEN Contact Support for a possible workaround 10 August 2018
ASSETS IV89674 ASSET RECONCILIATION BLACKLIST REFERENCE SETS CAN BECOME BLOATED DUE TO NO EXPIRY DATE BEING SET CLOSED Install Baseline Maintenance Content Extension v1.0.5 or later 8 August 2018
REPORTS IJ06051 ‘WEEKLY SUCCESSFUL LOGIN EVENTS’ REPORT CONTAINS QRADAR APP LOGINS CLOSED Install Baseline Maintenance Content Extension v1.0.5 or later 8 August 2018
REPORTS IJ02578 ASSET DEVIATION REPORT LINK CONTAINED WITHIN A SYSTEM NOTIFICATION DOES NOT WORK CLOSED Install Baseline Maintenance Content Extension v1.0.5 or later 28 August 2018
PERFORMANCE IV87193 QRADAR SYSTEM DEGRADATION AND/OR DROPPED EVENTS CAN BE CAUSED BYSOME VULNERABILITY CRE TESTS CLOSED Resolved in 7.2.8 Patch 11 24 August 2018
SEARCH IJ00698 LOG ACTIVITY SEARCH SHOWS TWO OR MORE ROWS WITH SAME EVENT NAME CLOSED Resolved in 7.3.1 Patch 5 31 July 2018
FLOWS IJ06593 QRADAR PACKET CAPTURE CAN SOMETIMES NOT INGEST/PROCESS PCAP FILES UNTIL A DEPLOY FULL CONFIGURATION IS PERFORMED CLOSED as unreproducible Complete a ‘Deploy Full Configuration’. If you continue to experience this issue, contact QRadar Support. 30 July 2018
INSTALL/UPGRADE IJ01523 QRADAR UPGRADE TO 7.3.0.X ON SOFTWARE APPLIANCES CAN FAIL WITH ERROR ‘STORAGE CONFIGURATION FAILED’ CLOSED as Permanent restriction. No workaround available. 30 July 2018
SEACH IJ05806 SOME LOG ACTIVITY SEARCHES STOP RETURNING RESULTS FROM LOG SOURCE GROUPS AFTER PATCH/UPGRADE TO QRADAR 7.3.1 CLOSED Resolved in 7.3.1 Patch 5 29 July 2018
RULE RESPONSE IJ04903 ‘THIS INFORMATION SHOULD SET OR REPLACE THE NAME OF THE ASSOCIATED OFFENSE’ NOT ALWAYS WORKING AS EXPECTED CLOSED Resolved in 7.3.1 Patch 5 29 July 2018
REPORTS IJ05109 USING A FILTER CONTAINING A COMMA OPERATOR IN THE REGEX DOES NOT WORK WITH ‘WHEN THE EVENT MATCHES THIS SEARCH FILTER’ RULE CLOSED Resolved in 7.3.1 Patch 5 29 July 2018
REPORTS IV99417 OFFENSE START TIMES CAN JUMP BACK IN TIME IF CUSTOMER HAS LONG RUNNING OFFENSES AND LONG DELAY BETWEEN START AND STORAGE TIME CLOSED Resolved in 7.3.1 Patch 5 29 July 2018
REPORTS IJ04906 USING THE RIGHT-CLICK FILTER ‘SOURCE OR DESTINATION IP IS…’ IN A LOG ACTIVITY SEARCH DOES NOT WORK AS EXPECTED CLOSED Resolved in 7.3.1 Patch 5 29 July 2018
INSTALL/UPGRADE IJ05110 A FAILED AND ROLLED BACK PATCH ATTEMPT FROM 7.3.0.X TO 7.3.1.X CAN CAUSE ISSUES WHEN ATTEMPTING TO PATCH AGAIN CLOSED Resolved in 7.3.1 Patch 4 IF01 and ported to 7.3.1 Patch 5 29 July 2018
Reports IJ08219 INCOMPLETE RESULTS IN REPORTS WHEN SELECTING ‘DAY OF THE WEEK’ TARGETED DATA SELECTION CONTAINER DETAILS CLOSED Install Baseline Maintenance Content Extension v1.0.5 or later 24 August 2018
Reports IJ08219 INCOMPLETE RESULTS IN REPORTS WHEN SELECTING ‘DAY OF THE WEEK’ TARGETED DATA SELECTION CONTAINER DETAILS CLOSED Install Baseline Maintenance Content Extension v1.0.5 or later 24 August 2018
USER INTERFACE IJ05185 UNABLE TO EDIT QRADAR LDAP CONFIGURATION AFTER A PREVIOUSLY MAPPED USER ROLE OR SECURITY PROFILE IS DELETED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
USER INTERFACE IV97787 THE QRADAR ASSET TAB CAN BE SLOW TO LOAD WHEN THERE ARE A LARGE NUMBER OF ASSET VULNERABILITY INSTANCES CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IJ06611 POP UP WINDOW WITH NO SEARCH RESULTS WHEN DRILLING DOWN INTO SEARCH RESULTS CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IJ05806 SOME LOG ACTIVITY SEARCHES STOP RETURNING RESULTS FROM LOG SOURCE GROUPS AFTER PATCH/UPGRADE TO QRADAR 7.3.1 CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
REPORTS IJ06278 RUNNING A LOG SOURCE REPORT AGAINST AN EMPTY LOG SOURCE GROUP RETURNS ALL LOG SOURCES CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
REPORTS IJ05341 ‘EXPORT TO XML’ OR ‘EXPORT TO CSV’ FROM THE QRADAR ASSETS TAB CAN SOMETIMES UNEXPECTEDLY STOP/FAIL CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IJ04906 USING THE RIGHT-CLICK FILTER ‘SOURCE OR DESTINATION IP IS…’ IN A LOG ACTIVITY SEARCH DOES NOT WORK AS EXPECTED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IJ03405 AQL SEARCHES THAT OPEN THE LOG ACTIVITY PAGE AFTER COMPLETING CAN DISPLAY UNEXPECTED HTML CHARACTERS CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IJ00489 COMMAS ARE SWITCHED TO ‘OR’ WHEN MULTIPLE CUSTOM EVENT PROPERTIES ARE CONTAINED IN A SEARCH CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
OFFENSES IV99417 OFFENSE START TIMES CAN JUMP BACK IN TIME IF CUSTOMER HAS LONG RUNNING OFFENSES AND LONG DELAY BETWEEN START AND STORAGE TIME. CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
OFFENSES IV92376 OFFENSES CAN SOMETIMES NOT GENERATE WHEN A RULE RESPONSE TO CREATE A NEW OFFENSE INDEXED BY HOSTNAME (CUSTOM) IS CONFIGU CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IV85637 TOP SOURCES AND TOP DESTINATION DASHBOARD SEARCHES REPORT DATA FROM ALL DOMAINS NOT JUST THE CONFIGURED ONES CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
FLOWS IV84601 CATEGORIZATION OF OFF-SITE SOURCE AND TARGET FOR FLOWS DISPLAYS AS ‘UNKNOWN’ AND APPLICATION DISPLAYS AS ‘OTHER’ CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
EVENTS IJ06381 EVENTS FORWARDED VIA AN OFFENSE RULE DO NOT HAVE A VALID SYSLOG HEADER APPENDED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
EVENTS IJ05338 EVENT COLLECTION CAN STOP DUE TO A BUFFER UNDERFLOW EXCEPTION IN ECS-EC REQUIRING AN ECS-EC-INGRESS SERVICE RESTART CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
LOG SOURCES IJ04654 LOGFILE PROTOCOL LOG SOURCES CAN STOP WORKING, FAIL TO CONNECT WITH ERROR ‘ALGORITHM NEGOTIATION FAIL’ IN CONFIG WINDOW CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
OFFENSES IJ04225 USING THE QRADAR API “GET /SIEM/OFFENSE” TO RETRIEVE A LIST OF OFFENSES CAN TAKE LONGER THAN EXPECTED TO COMPLETE CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
LICENSES IJ02819 ‘…SENT A TOTAL OF XXXX EVENT(S) DIRECTLY STORAGE…QUEUE IS AT 0 PERCENT CAPACITY” DURING OVER LICENSE EPS SPIKES CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
OFFENSES IJ00971 AN APPLICATION ERROR MAY OCCUR IN THE OFFENSE TAB WHEN THE END TIME FOR AN OFFENSE IS IN THE FUTURE CLOSED This issue resolved in QRadar 7.3.1 Patch 5, QRadar 7.3.1 Patch 4, and QRadar 7.2.8 Patch 12 2 August 2018
CUSTOM EVENTS IJ00878 CUSTOM EVENT PROPERTY WITH SPACE IN ITS NAME IS NOT FORWARDED TO THE DESTINATION CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IJ05096 QUICK SEARCHES CONTAINING AN ‘AND’ OPERATOR CAN SOMETIMES FAIL TO PROGRESS TO COMPLETION CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
LICENSES IJ03439 CLICKING THE ‘SUSPECT CONTENT’ ICON DISPLAYS A BLANK PAGE WHEN NO APPROPRIATE LICENSE IS INSTALLED/CONFIGURED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
TRAFFIC IJ01001 QNI CLASSIFIES LDAP TRAFFIC AS FTP TRAFFIC CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
FLOWS IJ02836 NO FLOWS BEING RECEIVED FROM A QFLOW APPLIANCE CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
DATABASE IJ04314 QRADAR DATABASE REPLICATION TO MANAGED HOSTS CAN FAIL WHEN THE CONSOLE /STORETMP HAS INSUFFICIENT FREE SPACE AVAILABLE CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
DATA IJ03316 DATA BACKUPS FAIL WHEN EVENT/FLOW LOG HASHING IS ENABLED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
LOG SOURCES IJ02749 ‘TARGET EXTERNAL DESTINATIONS’ BECOMES UNSELECTED AFTER PERFORMING A ‘BULK EDIT’ OF LOG SOURCES CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
RULES IJ02262 RULES IMPORTED FROM A SYSTEM WITH CONFIGURED DOMAINS TO A SYSTEM WITHOUT DOMAINS CAN SEE REFERENCE SET DATA ISSUES CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
UPGRADE IJ06277 UPGRADE TO 7.3.X FAILS AND PROMPTS FOR REDHAT ISO WHEN /VAR/LOG/INSTALL.LOG IS MISSING CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
UPGRADES IJ05311 GARP REQUEST DURING HA_SETUP.SH CAN SOMETIMES BE BLOCKED BY A NETWORK SWITCH PREVENTING ARP TABLES FROM BEING UPDATED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
UPGRADES IJ05110 A FAILED AND ROLLED BACK PATCH ATTEMPT FROM 7.3.0.X TO 7.3.1.X CAN CAUSE ISSUES WHEN ATTEMPTING TO PATCH AGAIN CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
UPGRADES IJ04472 RECOVERY REINSTALL ON A HIGH AVAILABILITY PRIMARY CAN FAIL DISPLAYING AS ‘UNKNOWN’ STATE IN SYSTEM AND LICENSE WINDOW CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
UPGRADES IJ03981 QRADAR UPGRADE AND/OR PATCH FAILS WITH ‘ERROR EXECUTING 34-POSTGRESQL-UPGRADE.SH’ WHEN UNEXPECTED DATABASE EXIST CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
UPGRADES IJ00104 QRADAR UPGRADE TO 7.3.0.X CAN FAIL “…GENERATE_ENVIRONMENT.SH: OPTION REQUIRES AN ARGUMENT — N” CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
APPLIANCES IJ05193 SOME QRADAR SOFTWARE APPLIANCES ARE NOT ABLE TO ADD A QVM SCANNER IN THE QRADAR USER INTERFACE CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SECURITY IJ01123 Q1X509TRUSTMANAGER LEAKS FILE HANDLES IF THERE IS A TRUST STORE IN /OPT/QRADAR/CONF/TRUSTED_CERTIFICATES CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
DEVICES IJ02635 ‘APPLICATION ERROR’ WHEN PERFORMING A NORMALIZED DEVICE COMPARISON FOR A PALO ALTO DEVICE CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
QVM SCANS IJ06302 SCAN EXPORT DOES NOT HONOR SPECIFIED VULNERABILITIES THAT ARE CONFIGURED IN THE SCAN POLICY CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
QVM DOMAINS IJ01180 INTERACTION WITH IBM BIGFIX AND QVM CAN FAIL WHEN DOMAIN AUTHENTICATION IS USED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
ASSETS IJ00941 EXCEPTIONED VULNERABILITIES ARE STILL APPEARING IN MANAGE VULNERABILITY VIEW FOR SOME ASSETS CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
EVENTS IJ02457 UNPARSED CRE EVENTS CONTAINING ‘WHERE CATEGORY BETWEEN…” OBSERVED WHEN USER BEHAVIOR ANALYTICS (UBA) APP INSTALLED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
REPORTS IJ04421 REPORTS CAN FAIL TO RUN WHEN EVENT AND/OR FLOW HASHING WITH HMAC IS ENABLED IN ARIEL DATABASE SETTINGS CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
LOGS IV98932 /VAR/LOG/ PARTITION CAN BECOME FILLED DUE TO REPEATED TEST EXCEPTION MESSAGES BEING LOGGED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SCANS IV97516 ‘WHEN THE DESTINATION IS VULNERABLE TO CURRENT EXPLOIT ON ANY PORT’ RULE TEST STOPS WORKING AFTER VULNERABILITY SCAN CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
USER INTERFACE IJ06084 SETTING A DELEGATED ADMINISTRATION PERMISSION FOR ‘MANAGE REFERECE DATA’ ONLY DOES NOT ALLOW ACCESS TO ADMIN TAB CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
API IJ06032 CHANGES MADE WITHIN THE INCLUDED QRADAR API CHANGED HOW SOME QRADAR APPS FETCH DATA (EG. USER BEHAVIOR ANALYTICS – UBA) CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IJ05712 QRADAR REFERENCE SET DATA FILTER SEARCHES (MANUAL AND WITHIN SOME APPS) CAN TAKE LONGER THAN EXPECTED TO COMPLETE CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IJ05109 USING A FILTER CONTAINING A COMMA OPERATOR IN THE REGEX DOES NOT WORK WITH ‘WHEN THE EVENT MATCHES THIS SEARCH FILTER’ RUL CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
EVENTS IJ04903 ‘THIS INFORMATION SHOULD SET OR REPLACE THE NAME OF THE ASSOCIATED OFFENSE’ NOT ALWAYS WORKING AS EXPECTED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SEARCHES IJ03209 ‘ADD’ BUTTON DOES NOT WORK WHEN AN ‘EQUALS ANY OF’ CONDITION IS PRESENT WITHIN THE RULE WIZARD WITH MORE THAN ONE PROPERTY CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
RULES IJ02670 RULE TEST ‘AND WHEN THE URL (CUSTOM) IS CATEGORIZED BY X-FORCE AS ONE OF THE FOLLOWING CATEGORIES’ CAN SOMETIMES FAIL TO FIRE CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
REFERENCE SETS IJ02533 ERROR ‘JAVA.LANG.NUMBERFORMATEXCEPTION:EMPTY STRING’ IS GENERATED WHEN ATTEMPTING TO ADD REFERENCE SET VALUES CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
RULES IJ02437 BUILDING BLOCKS CAN FAIL TO WORK AS EXPECTED WHILE RULES ARE BEING RELOADED CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
RULES IJ00772 REGULAR EXPRESSIONS IN THE RULE EDITOR DO NOT WORK WITH JAPANESE CHARACTORS CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
SERVICES IJ02782 REQUIRED SERVICES RESTART IS NOT PERFORMED AFTER SWITCH FROM DAYLIGHT SAVING TIME TO STANDARD TIME CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
USER INTERFACE IJ07150 REPORT GROUPS ARE SOMETIMES NOT SHAREABLE FROM AN ADMIN TO A NON-ADMIN USER CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
FORENSICS DECAPPER IJ07872 QRADAR NETWORK INSIGHTS STOPS PROCESSING FLOWS, PACKETS DROPPED BY THE DECAPPER CLOSED This issue resolved in QRadar 7.3.1 Patch 5 2 August 2018
EVENTS IJ02819 ‘…SENT A TOTAL OF XXXX EVENT(S) DIRECTLY STORAGE…QUEUE IS AT 0 PERCENT CAPACITY" DURING OVER LICENSE EPS SPIKES CLOSED This issue was fixed in QRadar 7.3.1 Patch 4 Interim Fix 1 and 7.3.1 Patch 5. 27 July 2018
WINCOLLECT IJ05619 NETAPP DATA ONTAP EVENTS THAT ARE COLLECTED USING WINCOLLECT CAN BE MISSING EVENT PAYLOAD DATA FOLLOWING MESSAGE= CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ03314 WINCOLLECT AGENT STOPS SENDING EVENTS TO COLLECTOR ‘COULD NOT RESTART AGENT PROCESS AFTER UNEXPECTED EXIT’ IN LOGS CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ02840 UNABLE TO UPGRADE/INSTALL WINCOLLECT 7.2.7 ON WINDOWS SERVER CORE 2016 USING THE PATCH/CONFIGURATION CONSOLE INSTALLER CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ02744 WINCOLLECT CAN SOMETIMES STOP COLLECTING SECURITY EVENTS DUE TO AN ISSUE WITH SID TRANSLATION CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ01529 WINCOLLECT 7.2.7 LOG SOURCES CONFIGURED TO USE MSEVEN6 AND POLLING INTERVAL OF 1500 OR LOWER CAN STOP RECEIVING LOGS CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ01089 HIGH CPU LOAD OBSERVED AFTER UPGRADING WINCOLLECT TO VERSION 7.2.7 AND USING MSEVEN6 CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ01531 WINCOLLECT CAN SOMETIMES STOP GATHERING WINDOWS IIS LOGS UNTIL A RESTART OF THE AGENT OCCURS CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ01528 DUPLICATE WINCOLLECT HOSTNAMES CAN BE CREATED DURING A WINCOLLECT UPGRADE CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IV96284 UPGRADING THE WINCOLLECT .SFS CAN REQUIRE AN ADDITIONAL ‘DEPLOY FULL CONFIGURATION’ TO COMPLETE SOME AGENT INSTALLATIONS CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ06382 INSTALLING WINCOLLECT 7.2.7 ON QRADAR 7.3.1.X REQUIRES THE ECS-EC-INGRESS PROCESS TO BE RESTARTED CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ01186 WINCOLLECT AGENT STATUS DISPLAYED IN THE QRADAR USER INTERFACE CAN BE INACCURATE CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
WINCOLLECT IJ01921 WINCOLLECT VERSION 7.2.6 AND HIGHER LOG SOURCES CONFIGURED WITH MSEVEN6 PROTOCOL USE A DYNAMIC PORT RANGE 49152 TO 65535 CLOSED This issue is resolved in WinCollect 7.2.8 10 July 2018
CONFIGURATION SERVER PROTOOL (WINCOLLECT) IV99280 CHANGES MADE TO THE WINCOLLECT SERVER CONFIGURATION ARE NOT PUSHED OUT TO WINCOLLECT AGENTS CLOSED This issue is resolved in QRadar 7.2.8 Patch 14 24 October 2018
WINCOLLECT IV96608 WINCOLLECT 7.2.6 STOPS COLLECTING EVENTS ON WINDOWS COMPUTERS AFTER THEY REBOOT/RESTART CLOSED This issue is resolved in WinCollect 7.2.7 8 September 2017
WINCOLLECT IV98218 WINCOLLECT PULLS INCOMPLETE PAYLOADS FROM 32 BIT VERSIONS OF MICROSOFT WINDOWS SERVER OS DNS EVENT LOGS CLOSED This issue is resolved in WinCollect 7.2.7 8 September 2017
WINCOLLECT IV91737 KOREAN LANGUAGE CHARACTERS DO NOT DISPLAY CORRECTLY IN EVENTS THAT ARE GATHERED USING WINCOLLECT FILE FORWARDING CLOSED Resolved in WinCollect 7.2.6 29 May 2017
WINCOLLECT IV96608 WINCOLLECT 7.2.6 STOPS COLLECTING EVENTS ON WINDOWS COMPUTERS AFTER THEY REBOOT/RESTART CLOSED This issue is resolved in WinCollect 7.2.6 08 September 2017
WINCOLLECT IV92211 EVENT PAYLOAD IS TRUNCATED AFTER ‘MESSAGE=’ FOR WINDOWS EVENT ID 4688 WHEN USING AN XPATH QUERY IN A WINCOLLECT LOG SOURCE CLOSED This issue is resolved in WinCollect 7.2.6 29 May 2017
WINCOLLECT IV96284 UPGRADING THE WINCOLLECT .SFS CAN REQUIRE AN ADDITIONAL ‘DEPLOY FULL CONFIGURATION’ TO COMPLETE SOME AGENT INSTALLATIONS CLOSED This issue is resolved in WinCollect 7.2.6 29 May 2017
WINCOLLECT IV96364 THE WINCOLLECT 7.2.6 .SFS FOR QRADAR 7.3 NEEDS TO BE APPLIED AFTER UPGRADING QRADAR FROM 7.2.8.X TO 7.3.0.X CLOSED This issue is resolved in WinCollect 7.2.6 29 May 2017
SEARCH IJ10953 ADD +’ BUTTON CAN STOP RESPONDING WHEN USING THE ‘SEARCH FILTER’ RULE TEST WITH ‘EQUALS ANY OF’ OPTION OPEN: FOUND IN QRADAR 7.2.8 Use/create a Building Block to match multiple entries to apply as a single test condition to the rule. 28 November 2018
LOG SOURCE GROUPS IJ10154 A’ERROR OCCURRED WHILE SEARCHING FOR DEPENDENTS’ MESSAGE WHEN DELETING AN EMPTY LOG SOURCE GROUP OPEN: REPORTED IN QRADAR 7.2.7 Contact QRadar Support for a possible workaround that might address this issue in some instances. 28 November 2018
DISK SPACE IJ10640 /VAR/LOG/ PARTITION CAN FILL ON HIGH AVAILABILITY SECONDARIES DUE TO /VAR/LOG/SYSTEMSTABMON NOT BEING ROTATED OPEN: REPORTED IN QRADAR 7.3.1 PATCH 5 Contact Support for a possible workaround that might address this issue in some instances. 28 November 2018
GEOGRAPHIC DATA IJ11032 HOVER OVER OF AN IP ADDRESS’S GEOGRAPHIC FLAG CAN SOMETIMES SHOW INCORRECT INFORMATION OPEN: REPORTED IN QRADAR 7.3.1 PATCH 3 No workaround available. 28 November 2018
COMMAND LINE IJ11110 BENIGN ERROR IN QRADAR LOGGING ‘RUNTIME EXCEPTION PROCESSING REQUEST GET QUERY STATUS – QUERYSTATUSWAIT…’ OPEN: REPORTED IN QRADAR 7.3.1 PATCH 1 The benign error messages can be ignored by administrators while we work to remove them from qradar.log. 28 November 2018
USER INTERFACE IJ11493 LOG SOURCE WINDOW CAN TAKE MINUTES TO LOAD DUE TO THREAD LOCK OPEN: REPORTED IN QRADAR 7.3.1 PATCH 1 Administrators can use the Log Source Management App for QRadar as a workaround to this issue. 28 November 2018
OFFENSES IJ10956 ‘OFFENSES’ COUNT NUMBER DISPLAYED ON THE OFFENSE SUMMARY SCREEN CAN BE INCORRECT IN MULTI-DOMAIN ENVIRONMENTS OPEN: REPORTED IN QRADAR 7.2.8 No workaround available. 28 November 2018
APP FRAMEWORK IJ10675 QRADAR APPS FAIL TO INSTALL WHEN THE EXTENSION VALIDATION KEYSTORE PASSWORD CANNOT BE DECRYPTED OPEN: REPORTED IN QRADAR 7.3.1 No workaround available. 28 November 2018
APP FRAMEWORK IJ10949 QRADAR APPS CAN SOMETIMES FAIL TO LOAD DUE TO A RACE CONDITION AFTER THE TOMCAT SERVICE HAS BEEN RESTARTED OPEN: REPORTED IN QRADAR 7.3.1 PATCH 5 IF01 A manual restart of select services from the command line of the QRadar Console can sometimes correct the issue. To restart services, log in as root and type: 1. systemctl stop hostcontext, 2: systemctl restart tomcat, 3: systemctl start hostcontext. The QRadar user interface will be inaccessible until all required services are successfully restarted. If you are unsure of this procedure, Contact QRadar Support. 28 November 2018
SEARCH IJ10924 SEARCH DATA CONFIGURED TO BE ACCUMULATED (TIME SERIES) CAN FAIL TO DISPLAY DUE TO INVALID REGEX OPEN: REPORTED IN QRADAR 7.3.0 AND 7.3.1 VERSIONS No workaround available. 28 November 2018
MSRPC PROTOCOL IJ11495 DISABLED MSRPC CONNECTIONS DO NOT ALWAYS CLOSE THE CONNECTION BETWEEN THE QRADAR HOST AND THE WINDOWS SYSTEM OPEN: REPORTED IN PROTOCOL-WINDOWSEVENTRPC-7.3-20170818183912 No workaround available. 23 November 2018
API IJ11393 USING THE API TO UPDATE LOG SOURCES CAN RETURN: COULD NOT UPDATE LOGSOURCE {NUMBER}. THE TOTAL MAXIMUM…’ OPEN: REPORTED IN QRADAR 7.3.1 PATCH 3 No workaround available. 21 November 2018
DASHBOARD IJ11170 DASHBOARD SEARCHES CONTAINING SEARCHES WITH UNIQUE COUNTS ENABLED CAN DISPLAY INCONSISTENT RESULTS OPEN: REPORTED IN QRADAR 7.2.8 No workaround available. 21 November 2018
OFFENSES IJ10557 OFFENSE PAGE CAN BE SLOW TO LOAD WHEN THERE ARE TOO MANY INACTIVE OFFENSES REMAINS AFTER RETENTION PERIOD ELAPSED OPEN: REPORTED IN QRADAR 7.2.8 For more details on Offense retention, see the QRadar Knowledge Center 21 November 2018
AQL OFFENSE SEARCH IJ11113 AQL SEARCH CAN GENERATE A “FAILED TO INSTANTIATE FUNCTION ‘INOFFENSE'” ERROR MESSAGE OPEN: REPORTED IN QRADAR 7.2.8 PATCH 10 No workaround available. 16 November 2018
REFERENCE SETS IJ10643 SOME QRADAR USERS ARE UNABLE TO VIEW VALUES COLUMN IN REFERENCE SETS OPEN: REPORTED IN QRADAR 7.3.1 PATCH 5 Contact QRadar Support for a possible workaround that might address this issue in some instances. 16 November 2018
SEARCH IJ10582 SEARCH WITH FILTER ‘USERNAME IS NOT N/A’ IN REPORTS AND DASHBOARDS CAN CAUSE ‘ACCUMULATOR FALLING BEHIND’ SYSTEM NOTIFICATIONS OPEN: REPORTED IN QRADAR 7.3.1 PATCH 6 IF 1 Where possible, do not use the search filter “Username is not N/A” until the fix pack is released that addresses this issue. 16 November 2018
SEARCH IJ11170 DASHBOARD SEARCHES CONTAINING SEARCHES WITH UNIQUE COUNTS ENABLED CAN DISPLAY INCONSISTENT RESULTS OPEN: REPORTED IN QRADAR 7.2.8 No workaround available. 13 November 2018
FLOWS IJ11163 NETFLOW V9 / IPFIX INITIATOR/RESPONDER OCTET/PACKET FIELD DATA IS NOT PROCESSED BY QRADAR OPEN: REPORTED IN QRADAR 7.2.8 No workaround available. 8 November 2018
SYSTEM DATE / TIME IJ10892 MANUALLY SETTING APPLIANCE SYSTEM DATE IN THE QRADAR USER INTERFACE CAN CHANGE THE DATE TO -1 DAY AFTER SERVICES ARE RESTARTED OPEN: REPORTED IN QRADAR 7.3.1 PATCH 5 Contact QRadar Support for a possible workaround that might address this issue in some instances. 7 November 2018
REPORTS IJ10609 “NO DATA FOR CHART” IN TIMESERIES REPORT WHEN ‘TIME’ VARIABLE IS THE HORIZONTAL AXIS OPEN: REPORTED IN QRADAR 7.2.8 PATCH 12 No workaround available. 2 November 2018
USER INTERFACE IJ10395 HOVER-TEXT DISPLAYS ‘NO EXTRA DATA FOR COULD BE LOCATED FOR THIS ITEM’ INSTEAD OF LDAP USERNAME IN DOMAIN ENVIRONMENT OPEN: REPORTED IN QRADAR 7.2.8 PATCH 13 No workaround available. 1 November 2018
NETWORK HIERARCHY / SECURITY PROFILE IJ10376 NAME CHANGE MADE TO A NETWORK HIERARCHY OBJECT IS NOT REFLECTED IN THE QRADAR ADMIN – SECURITY PROFILES OPEN: REPORTED IN QRADAR 7.2.8 No workaround available. 1 November 2018
ASSET SEARCH IJ10862 EXPORTED ASSET SEARCHES CONTAINING A NETWORK FILTER CAN GENERATE BLANK XML OR CSV FILES OPEN: REPORTED IN QRADAR 7.3.1 PATCH 5 Remove the network filter from the asset search. 2 November 2018
APP FRAMEWORK IJ10112 QRADAR APPS FAIL TO LOAD WITH ‘UNAUTHORIZED: AUTHENTICATION REQUIRED’ IN QRADAR LOGS OPEN: REPORTED IN QRADAR 7.3.0 AND QRADAR 7.3.1 VERSIONS Contact QRadar Support for a possible workaround that might address this issue in some instances. 1 November 2018
FLOWS IJ10404 FLOWS EXCEEDING 4GB IN SIZE DISPLAY INCORRECT PACKET AND BYTE NUMBERS OPEN: REPORTED IN QRADAR 7.3.0 AND QRADAR 7.3.1 VERSIONS Contact QRadar Support for a possible workaround that might address this issue in some instances. 1 November 2018
SEARCH IJ10743 SEARCH WITH ‘CONTAINS ANY OF’ CAN BE SLOWER TO COMPLETE WHEN USING SOME NON-ENGLISH LOCALES FOR QRADAR OPEN: REPORTED IN QRADAR 7.3.1 PATCH 4 IF1 The search can be run either using ILIKE in AQL or ‘matches any’ for a faster results when using non-English locale for the QRadar User Interface. 31 OCTOBER 2018
OFFENSES IJ09472 OFFENSES CAN FAIL TO GENERATE AFTER CHANGES ARE MADE TO THE NETWORK HIERARCHY OPEN: REPORTED IN QRADAR 7.3.1 PATCH 1 Performing a restart of the Console’s ecs-ep process from an SSH session or completing a Deploy Full Configuration from the Admin tab in the user interface should correct this issue. 31 OCTOBER 2018
REPORTS IJ09185 REPORTS CREATED FROM AN AQL QUERY ON ACCUMULATED OR RAW DATA THAT CONTAIN A SUB-SELECT QUERY FAIL TO GENERATE OPEN: REPORTED IN QRADAR 7.3.1 PATCH 1 No workaround available. 31 OCTOBER 2018
USER INTERFACE ACCESS IJ09375 TOMCAT OUT OF MEMORY CAN OCCUR WHEN API GET REQUEST PULLS A VERY LARGE /LOCAL_DESTINATION_ADDRESSES OPEN: REPORTED IN QRADAR 7.3.1 PATCH 1 No workaround available. 1 NOVEMBER 2018
COMMAND LINE IJ10111 FALSE POSITIVE (BENIGN) QRADAR LOG MESSAGES THAT APPEAR TO INDICATE A PROBLEM WITH QRADAR MAGISTRATE (MPC) AFTER DEPLOY OPEN: REPORTED IN QRADAR 7.3.1 PATCH 4 Administrators who see the transaction exception error messages defined in the APAR can ignore these benign log messages. No workaround available. 31 OCTOBER 2018
RULES IJ10827 DISABLED CUSTOM EVENT PROPERTIES (CEP) IN RULES OR CALCUATED CEP’S CAN CAUSE RULES NOT TO FIRE AS EXPECTED OPEN: REPORTED IN QRADAR 7.3.1 PATCH 5 From an SSH session to the QRadar Console appliance can locate the properties, then enable them in the user interface with the following command: grep -r “UnknownPropertyException” /var/log/ | grep -o -E “No property ‘[a-zA-Z0-9 ]+’ exists” | sort | uniq 1 NOVEMBER 2018
MANAGED HOSTS IJ10406 ATTEMPTING TO RE-ADD A MANAGED HOST (MH) THAT ORIGINALLY FAILED TO ADD DUE TO TIMEOUT CAN LEAVE THE MH IN A STUCK STATE OPEN: REPORTED IN QRADAR 7.3.1 VERSIONS Contact QRadar Support for a possible workaround that might address this issue in some instances. 30 OCTOBER 2018
MICROSOFT OFFICE 365 IJ08977 MICROSOFT OFFICE 365 LOG SOURCE CAN STOP COLLECTING WITH ‘ERROR -AN ERROR OCCURRED INDICATING THAT THE REQUIRED CERTIFICATE..’ OPEN: REPORTED IN ALL QRADAR VERSIONS Contact QRadar Support for a possible workaround that might address this issue in some instances. 31 OCTOBER 2018
SEARCH IJ10377 FILTERING BY MULTIPLE REFERENCE SETS USING ‘DOES NOT EXIST IN ANY OF’ DOES NOT WORK AS EXPECTED OPEN: REPORTED IN QRADAR 7.3.1 VERSIONS No workaround available. 30 OCTOBER 2018
AUTO UPDATE IJ10791 MANIFEST REQUIRES VERSION 8.9 BUT THE SCRIPTS ONLY CONTAIN 8.8. CANNOT CONTINUE’ AFTER AUTOUPDATE IS RUN OPEN: REPORTED IN QRADAR 7.3.1 VERSIONS Download the file autoupdate-8.9-2.noarch.rpm from IBM Fix Central and copy it to the QRadar Console. After the file is copied onto the QRadar console, install it via an SSH session to the QRadar console using the following command: yum -y install autoupdate-8.9-2.noarch.rpm 27 OCTOBER 2018
WINCOLLECT IJ10748 THE WINCOLLECT FILE FORWARDER CAN SOMETIMES STOP FORWARDING LESS ACTIVELY UPDATED FILES/DIRECTORIES CLOSED Resolved in WinCollect 7.2.8 Patch 1. See WinCollect 7.2.8 Patch 2 release notes to update as Fix Central no longer lists WinCollect 7.2.8 Patch 1 for download. 7 DECEMBER 2018
WINCOLLECT IJ12128 WINCOLLECT BUILD NUMBER IS NOT DISPLAYED IN THE WINCOLLECT AGENT VERSION FIELD CLOSED Resolved in WinCollect 7.2.8 Patch 2 19 December 2018
WINCOLLECT IJ10390 WINCOLLECT AGENTS DO NOT COMPLETE INSTALLATION DUE TO UNSUCCESSFUL PULL OF THE REQUIRED .PEM FILE CLOSED Resolved in WinCollect 7.2.8 Patch 1. See WinCollect 7.2.8 Patch 2 release notes to update. IBM Fix Central no longer lists WinCollect 7.2.8 Patch 1 for download. 25 OCTOBER 2018
REPORTS IJ06125 A REPORT RUNNER OUT OF MEMORY CAN SOMETIMES OCCUR WHILE CREATINGA REPORT WITH PDF FORMAT WITH VERY HIGH LIMITS (65K) RECORDS CLOSED Duplicate of IJ06862 and resolved in QRadar 7.3.1 Patch 6 25 OCTOBER 2018
HIGH AVAILABILITY (HA) IJ10367 HIGH AVAILABILITY (HA) FAILOVER CAN OCCUR WHEN A PING TEST FAILS FROM THE ACTIVE NODE AND SUCCEEDS FROM THE STANDBY OPEN: REPORTED IN MULTIPLE QRADAR 7.2.8 VERSIONS Contact QRadar Support for a possible workaround that might address this issue in some instances. 20 OCTOBER 2018
NETWORK HIERARCHY IJ09228 ‘AN ERROR OCCURRED STRING INDEX OUT OF RANGE’ WHEN EXPANDING OR COLLAPSING NETWORK HIERARCHY OPEN Rename the network to ensure the name does not conflict. 16 OCTOBER 2018
DOMAINS & TENANTS IJ09193 NON-ADMIN TENANT USER CANNOT SEE FLOW OFFENSES IN THE DOMAIN THEY HAVE PERMISSIONS FOR OPEN No workaround available. 16 OCTOBER 2018
REPORTS IJ08958 REPORT FAILS WITH RESULTSET OBJECT DOES NOT CONTAIN COLUMN “SINGLEARGSCALARFUNCTIONADAPTER(SUM(EVENTCOUNT))” OPEN: REPORTED IN QRADAR 7.3.1 PATCH 4 No workaround available. 16 OCTOBER 2018
SEARCH – AQL CUSTOM PROPERTIES IJ08858 ‘APPLICATION ERROR’ WHEN OPENING EVENTS AFTER A QRADAR USER HAS BEEN REMOVED THAT CREATED AQL CUSTOM PROPERTIES OPEN: REPORTED IN QRADAR 7.3.1 VERSIONS Contact QRadar Support for a possible workaround that might address this issue in some instances. 16 OCTOBER 2018
DATA NODE IJ09057 ‘TUNNEL HAS FAILED TO START’ MESSAGES AFTER REASSIGNING AN ENCRYPTED DATA NODE TO A DIFFERENT EVENT PROCESSOR OPEN Contact QRadar Support for a possible workaround that might address this issue in some instances. 16 OCTOBER 2018
RIGHT-CLICK IJ08964 RIGHT CLICK FOR “X-FORCE EXCHANGE LOOKUP” IS NOT DISPLAYED ON URL ITEM FROM AN AQL QUERY SEARCH IN LOG ACTIVITY OPEN: REPORTED IN QRADAR 7.2.8 PATCH 12 No workaround available. 16 OCTOBER 2018
HIGH AVAILABILITY (HA) IJ08975 /STORE ON ISCSI MOUNT CAN EXPERIENCE CORRUPTION DURING A HIGH AVAILABILITY (HA) FAILOVER OPEN: REPORTED IN QRADAR 7.3.0 AND 7.3.1 VERSIONS No workaround available. 16 OCTOBER 2018
REPORTS IJ09156 SOME OUT OF THE BOX QRADAR REPORTS COMPLETE SUCCESSFULLY WHILE GENERATING A RUNTIMEEXCEPTION IN QRADAR LOGS OPEN: REPORTED IN QRADAR 7.2.8 PATCH 7 No workaround available. 16 OCTOBER 2018
OFFENSES – HISTORICAL CORRELATION IJ08422 OFFENSE NAMES CREATED FROM HISTORICAL CORRELATION USE EVENT/FLOW LOW LEVEL CATEGORY INSTEAD OF EVENT NAME OPEN: REPORTED IN QRADAR 7.2.8 PATCH 7 No workaround available. 16 OCTOBER 2018
ASSETS IJ08963 ASSET UPDATES CAN STOP OCCURRING WHEN INVALID IPV6 VALUES ARE SENT TO THE ASSETPROFILER FROM A LOG SOURCE EXTENSION (LSX) OPEN: REPORTED IN QRADAR 7.2.8 PATCH 7 Contact QRadar Support for a possible workaround that might address this issue in some instances. 16 OCTOBER 2018
USER BEHAVIOR ANALYTICS APPLICATION IJ08911 MACHINE LEARNING FAILS DURING USER BEHAVIOR ANALYTICS (UBA) INSTALLATION ON QRADAR 7.3.1 PATCH 5 OPEN: REPORTED IN QRADAR 7.2.8 PATCH 5 See the following technical note: User Behavior Analytics: Troubleshooting Machine Learning after message ‘Installation has failed’ in QRadar 7.3.1 Patch 5 16 OCTOBER 2018
CONFIGURATION RESTORE IJ08864 CONFIG RESTORE WITH ONLY THE ‘INSTALLED APPLICATIONS CONFIGURATION’ CHECK BOX SELECTED CLOSES ALL OFFENSES OPEN: REPORTED IN QRADAR 7.3.1 PATCH 4 No workaround available. 30 AUGUST 2018
WINCOLLECT IJ10532 WINCOLLECT AGENT ‘LAST HEARTBEAT’ STATUS DISPLAYS AS “UNAVAILABLE” WHEN WORKING AS EXPECTED OPEN: REPORTED IN QRADAR 7.2.8 AND 7.3.1 VERSIONS No workaround available. 15 OCTOBER 2018
WINCOLLECT IJ10392 WINCOLLECT 7.2.8 NOT RECEIVING WINDOWS IAS LOGS WHEN CONFIGURED USING “IAS LEGACY” FORMAT. OPEN: REPORTED IN WINCOLLECT 7.2.8 No workaround available. 15 OCTOBER 2018
OFFENSES IJ09219 NON-ADMINISTRATOR USERS ARE UNABLE TO VIEW OFFENSE ‘CATEGORY NAME’ COLUMN DATA AND ‘NETWORK’ COLUMN DATA IN ASSOCIATED OFFENSES TAB VIEWS OPEN: REPORTED IN WINCOLLECT 7.2.8 No workaround available. 15 OCTOBER 2018
JDBC PROTOCOL IJ10114 ‘TABLE NOT FOUND’ MESSAGE WHEN USING UPPER CASE TABLE NAMES TO JOIN WITH POSTGRES (LOWER CASE) OPEN: REPORTED IN QRADAR 7.2.8 AND QRADAR 7.3.1 VERSIONS Administrators can verify with the database administrator if the tables are case sensitive before they connect using the JDBC protocol. 12 OCTOBER 2018
OFFENSE MANAGER IJ09316 SOURCE IPS AND DESTINATION IPS DISPLAY ‘UNAUTHORIZED’ IN OFFENSES TAB FOR USERS WITH APPROPRIATE RIGHTS OPEN: REPORTED IN QRADAR 7.3.1 PATCH 6 Avoid duplicate names within the Network Hierarchy, Network Group names. 9 OCTOBER 2018
LOG ACTIVITY – EVENT DETAILS IJ09157 QRADAR EVENT DETAILS SCREEN IS BLANK, ‘APPLICATION ERROR’ MESSAGE DISPLAYED OPEN: REPORTED IN QRADAR 7.2.8 PATCH 11 Contact QRadar Support for a possible workaround that might address this issue in some instances. 9 OCTOBER 2018
LOG SOURCE GROUPS IJ08218 A NON-ADMIN USER WITH NON-ADMIN USER ROLE AND WITH ADMIN ROLE PERMISSIONS CAN SOMETIMES NOT CHANGE A LOG SOURCE GROUP OPEN: REPORTED IN QRADAR 7.3.1 PATCH 3 Where possible: use admin user role instead of non-admin user role with admin permissions until a software update can be released. 9 OCTOBER 2018
LOG SOURCE GROUPS IJ07879 QRADAR APP GRAPHING STOPS, DISPLAYS A BLANK SCREEN OPEN: REPORTED IN QRADAR 7.2.8 PATCH 6 No workaround available. 19 OCTOBER 2018
FLOWS – FLOW PROCESSORS IJ09226 [EC] FLOW PROCESSORS WITH MANY CONNECTED FLOW COLLECTORS CAN RUNOUT OF OPEN FILE HANDLES FOR THE ECS-EC PROCESS OPEN: REPORTED IN QRADAR 7.3.0 VERSIONS No workaround available. 3 OCTOBER 2018
GEOGRAPHIC DATA IJ08974 QRADAR GEOGRAPHIC FILTERS DO NOT WORK FOR COUNTRY NAMES THAT DO NOT MATCH THE MAXMIND DATABASE OPEN: REPORTED IN QRADAR 7.3.1 VERSIONS No workaround available. 26 SEPTEMBER 2018
OFFENSE MANAGER IJ08399 OFFENSE SUMMARY PAGE CAN SOMETIMES TAKE LONGERTHAN EXPECTED OPEN: REPORTED IN QRADAR 7.3.1 PATCH 3 No workaround available. 26 SEPTEMBER 2018
AUDIT EVENTS IJ09486 SIM AUDIT BACKEND SECURITY EVENTS DO NOT EASILY ALLOW FOR SYSTEM IDENTIFICATION OPEN: REPORTED IN QRADAR 7.3.1 PATCH 5 No workaround available. 26 SEPTEMBER 2018
SERVICES / DATA PIPELINE IJ05649 ‘DEPLOY CHANGES’ CAN SOMETIMES CAUSE A DROP IN CONNECTION BETWEEN ECS-EC AND ECS-EP LEADING TO EVENTS BEING DROPPED CLOSED Resolved in QRadar 7.3.1 patch 6. 27 SEPTEMBER 2018
SEARCH / HISTORICAL CORRELATION IJ08851 NULLPOINTER EXCEPTION IN LOGS WHEN LOADING A SAVED SEARCH THAT CONTAINS SEARCH CRITERIA THAT INCLUDES A PURGED OFFENSE OPEN: REPORTED IN QRADAR 7.3.0 VERSIONS Contact QRadar Support for a possible workaround that might address this issue in some instances. 18 SEPTEMBER 2018
SERVICES – ARIEL PROXY IJ08848 ARIEL_PROXY_SERVER CAN GO OUT OF MEMORY DURING SEARCHES ON LARGE MULTI-CPU APPLIANCES DUE TO DEFAULT TUNING PARAMETER CLOSED This issue was resolved in QRadar 7.3.1 patch 6. 18 SEPTEMBER 2018
LOG SOURCES – WINDOWS IJ07877 DELETING A BULK ADDED WINDOWS LOG SOURCE CAN CAUSE THE ASSOCIATED ACTIVE DIRECTORY ACCOUNT TO BECOME LOCKED OUT OPEN: REPORTED IN QRADAR 7.3.1 PATCH 4 INTERIM FIX 02 The QRadar Log Source Management app can resolve lockout issues for bulk added Windows log sources. For more information, see APAR IJ07877: Resolving account lockout issues for MSRPC log sources 19 July 2018
SERVICES – APP FRAMEWORK IJ08847 QRADAR APP TABS CAN BE BLANK AFTER A ‘RESTART WEB SERVER’ IS PERFORMED FROM THE ADMIN TAB OPEN: REPORTED IN QRADAR 7.3.0 PATCH 5 This issue was resolved in QRadar 7.3.1 patch 6. 18 SEPTEMBER 2018