IBM Support

IJ02571: OFFENSE RULE SNMP RESPONSES DO NOT REFLECT THE OFFENSE DATA

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as suggestion for future release.

Error description

  • It has been observed, that after an offense rule is created and
    an SNMP response is configured for that rule to modify the
    offenseCRE.snmp.xml file to configure OIDs (properties) that
    are sent in the SNMP trap, the response coding in QRadar uses
    the asset model to attempt to populate these values for the
    Offense.
    When this occurs, the SNMP trap does not always contain the
    expected data that is visible in the Offense.
    

Local fix

  • No workaround available.
    

Problem summary

Problem conclusion

Temporary fix

Comments

  • This issue will not be fixed for now.
    

APAR Information

  • APAR number

    IJ02571

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    728

  • Status

    CLOSED SUG

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-12-11

  • Closed date

    2020-03-18

  • Last modified date

    2020-03-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"728","Edition":""}]

Document Information

Modified date:
27 March 2020