IBM Support

IBM Security QRadar SIEM V7.2.3 Fix List

Product Documentation


Abstract

A list of issues fixed in IBM Security QRadar SIEM V7.2.3

Content

IBM Security QRadar
Issues corrected in IBM Security QRadar 7.2.3.
Number Description
IV40246 The backup cannot discover disk space on partitions with a filesystem in the name.
IV42534 Running the setup -t pretest before upgrading to QRadar SIEM 7.1 can result in an incorrect logging directory version.
IV46482 The ecs service can display an error when a DNS lookup occurs on a host name that maps to more than 100 IP addresses.
IV48470 Active directory authentication delays occur when UDP communication is blocked.
IV49239 Hostcontext and autoupdatedeploy services can each start ECS at the same time.
IV49256 Offense reports can display multiple (n) entries incorrectly.
IV50351 The 'system error' popup message appears in QRadar SIEM 7.2.0 when the vulnerability details panel opens.
IV50570 Dashboard time series graphs can display incorrect data sets.
IV50571 SNMP response in an offense rule can fail.
IV50734 Patching a 7.2 HA system can fail due to a timing issue.
IV54266 Log source grouping is removed when a user is deleted.
IV54289 The "accumulated data is not available" error message appears in a generated report only from the table view.
IV54484 The routing rules interface might not display correctly when the rule contains a backslash (\) character.
IV54494 The system can fail to send report emails if the size of the generated report exceeds 10 MB.
IV54495 High-availability secondary systems in standby mode can accumulate log files and experience high disk usage.
IV54517 The event details page does not display the correct identity IP for the related asset.
IV54650 Reports that use the "include link to report console check box" can generate a certificate error.
IV54684 Arielclient commands can return a string|value instead of just the value.
IV54689 An HA secondary appliance with ISCSI can experience an issue where the secondary system goes offline after an hour.
IV55697 A Wincollect - application error can appear when you add new log sources from a group.
IV55746 The offense rule SNMP trap is missing the datasource_id and datasource_name.
IV56400 The vulnerability count for an asset can show 0, even though the actual count is not 0.
IV56797 Special characters, such as an ampersand, cannot be escaped in a rule.
IV57314 You cannot sort on the Asset Detail User List screen, and you cannot sort columns in ascending order or descending order.
IV57315 Updated memory and disk space requirements documentation with correct 1299 memory requirements.
IV57319 An offense search with the source IP specified in the search parameter does not return offenses that have multiple source IPs.
IV57322 The offense "reason for closing" window is not displayed from pages including offensecategorylist, offenserulelist, and so on.
IV58665 An application error appears in the System and License Management Details panel.
IV59086 If the eventthrottlefilterqueue disk chunk size is too small, the ECS pipeline fails and shuts down.
IV59162 When you customize the right-click menu, you can still access options without the capabilities defined in the user role.
IV59182 A configuration restore can fail on a system migrated from 7.0 because broken triggers remain.
IV59741 The coalescing events option is missing from the system settings in QRadar Log Manager.
IV59954 Two character user names are not allowed in the QVM scan setup.
IV60000 The CRE 'local network' test does not check both sides of a superflow.
IV60231 The orderby table alias is incorrectly defined in snmpevent.createeventfromoffense.
IV60572 The HTTP-only keywords are not set in cookies.
IV60579 The search criteria for inactive offenses does not function as documented from the offenses search screen.
IV60746 QRadar is using an older version of Webmin.
IV60998 System notifications can stress the Tomcat in extreme cases.
IV61258 The SQL exception is present in the offense tab.
IV61369 The event export for CSV or xml is missing the first column.
IV61745 An event parsing order not properly respected by the event pipeline after the parsing order is changed.
IV61915 Search fail due to the /store/ariel/persistent_data partition becoming full.
IV62007 Vulnerability RHSA-2014-0164
IV62698 The forensics/pcap iptables line number error prevents rule updates.
IV63101 Paired console HA primary and secondary appliances can experience a high disk load.
IV63102 The QRadar UI session does not require login re-authentication in certain session timeout instances.
IV63115 If a reference set is not found when called by a rule, any subsequent reference sets are not called.
IV63116 Empty reference sets from earlier QRadar revisions that are migrated during a patch cannot be used/referenced.
IV63119 An error message appears when you try to open the "Manage Search Results" screen.
IV63121 "Last seen active" for assets with services remains blank after an initial VA scan, but populates after a subsequent scan.
IV61741 Rules that access reference set data can cause system performance degradation messages.

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
17 June 2018

UID

swg27042980