APAR status
Closed as program error.
Error description
When an Offense rule is created using the rule test "and when the destination list includes any of the following A.B.C.D/E" using a public IP, the rule does not trigger.
Local fix
The public IP that is in the Destination test list could be added to the network hierarchy. *Note: If this is performed, that IP is then considered local and can affect other rules and aspects of how events/flows are handled by QRadar when that IP is identified. For more information on Network Hierarchy functions in QRadar: https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.2/com.ibm .qradar.doc/c_qradar_adm_netwk_hierarchy.html
Problem summary
This issue has been resolved in QRadar 7.5.0 Update Package 4.
Problem conclusion
This issue has been resolved in QRadar 7.5.0 Update Package 4.
Temporary fix
Comments
APAR Information
APAR number
IJ29374
Reported component name
QRADAR SOFTWARE
Reported component ID
5725QRDSW
Reported release
733
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-11-18
Closed date
2022-12-13
Last modified date
2022-12-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
QRADAR SOFTWARE
Fixed component ID
5725QRDSW
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"733","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
13 December 2022