Topic
  • 2 replies
  • Latest Post - ‏2015-10-28T02:18:54Z by patriot3w
patriot3w
patriot3w
3 Posts

Pinned topic setup incident forensic button missing

‏2015-10-27T08:10:37Z |

I'm not able to find the "setup incident forensic" button in the Admin tab, how can i troubleshoot this?

When i click on Forensics - Server Management, it has error: QRadar Incident Forensics is licensed but has not yet been configured.

Thanks.

  • JonathanPechtaIBM
    JonathanPechtaIBM
    7 Posts

    Re: setup incident forensic button missing

    ‏2015-10-27T16:13:48Z  

    Two possible questions I have on this issue. 
     

    1. What version of QRadar/Forensics are you on and are both systems on the same software version?
      If there is a software version mismatch 7.2.4 Forensics and 7.2.5 QRadar Console, then you should backup and reinstall your Forensics system to version 7.2.5.

      OR
       
    2. Did this error message occur after an upgrade to version 7.2.5?
      In QRadar 7.2.5, you need to add the Forensics system as managed host to QRadar. If there was an error when adding the Forensics system as a managed host, then you might see the error that you reported "Forensics is not configured". If you recently upgraded to Forensics 7.2.5, then hit this issue you might need to open a ticket to get assistance or backup your data and reinstall the Forensics 7.2.5 system. If you have questions about either of these options, you can open a support ticket to ask further questions.

    Hope this helps...if you have further questions, feel free to ask.

     

     

  • patriot3w
    patriot3w
    3 Posts

    Re: setup incident forensic button missing

    ‏2015-10-28T02:18:54Z  

    Two possible questions I have on this issue. 
     

    1. What version of QRadar/Forensics are you on and are both systems on the same software version?
      If there is a software version mismatch 7.2.4 Forensics and 7.2.5 QRadar Console, then you should backup and reinstall your Forensics system to version 7.2.5.

      OR
       
    2. Did this error message occur after an upgrade to version 7.2.5?
      In QRadar 7.2.5, you need to add the Forensics system as managed host to QRadar. If there was an error when adding the Forensics system as a managed host, then you might see the error that you reported "Forensics is not configured". If you recently upgraded to Forensics 7.2.5, then hit this issue you might need to open a ticket to get assistance or backup your data and reinstall the Forensics 7.2.5 system. If you have questions about either of these options, you can open a support ticket to ask further questions.

    Hope this helps...if you have further questions, feel free to ask.

     

     

    Thanks. I'm in 7.2.5, after i added, it's working now. I might follow the 7.2.4 guide.