IBM Support

IBM Security QRadar SIEM V7.2.4 Fix List

Product Documentation


Abstract

A list of issues fixed in IBM Security QRadar SIEM V7.2.4.

Content

IBM Security QRadar
Issues corrected in IBM Security QRadar 7.2.4.
Number Description
IV46355Rapid7 NeXpose scanner displays an error when the site name pattern field contains an ampersand (&) character
IV46461The test field in the custom properties window might not display special characters as intended
IV47857No notification that events are dropped by a routing rule
IV50577The license details screen may show license details for another host in the deployment
IV50730Backup archives fail to generate due to a missing RPM dependency caused by automatic updates
IV54191Asset search with OS information is slow
IV54564User profiles with only access to reports will throw a 404 error when accessing reports in IE
IV54606After an upgrade to QRadar 7.2 MR1 patch 1, a log source extension might display invalid character symbols
IV54655Deploys may fail when an encrypted connection exists for an unassigned component
IV54675Dashboard time series graphs for event rates (EPS) might display a decrease in an event rate where none exists
IV54720Managed hosts with an HA secondary might experience a Postgres RPM or diskmaint error after a hostservices restart
IV54734Rule responses that send an offense summary email notification might include an unresolvable address in the URL
IV59270Risk score filter not filtering - returning all assets
IV59284Network hierarchy tree shows "undefined" when network group has depth greater than 9 levels
IV59345Improperly formatted system events are being picked up by the CRE log source
IV60520Offense rule condition "log source type(s) that detected the offense" does not fire due to log source mismatch
IV60570Non-admin users unable to view full rule details
IV60575Notification QID value is incorrect
IV60576Improve CRE performance against ports and large database tables
IV60644Excessive SIM audit events for HA SSH activity
IV60760Routing rules filter returning unexpected results
IV60765Filtering payload by regex ending with "\ " interferes with the log activity view
IV61200Sorting in asset details - user list does not work
IV61255QRadar shows a timestamp for 'last seen passive' even if all flow sources are disabled
IV61260Rule test to not create offense if 2 rules are matched is creating an offense
IV61456Column sorting not sorting in the log source window
IV61687Rule information is missing from the audit log when rules are modified
IV62203Manual carriage returns used in the text field of an offense note cause incomplete note output in the audit logs
IV62349WinCollect log source display sorting returns no results in 7.1.0
IV62439UI problem in Firefox 30 - unable to select level on source network group
IV62441Asset table export shows 0.0.0.0 for the IP at times when the GUI displays a real IP
IV62476Vulnerability details not shown for non-admin user
IV63048Memory leak in bandwidth manager
IV63122When sharing a saved search, 'include in my dashboard' is selected by default and should not be
IV63346Having an equal sign "=" in a rule name can cause events to be dropped and other event pipeline failures
IV63375Large increase in events generated by the system notification log source
IV63416Grouped event searches containing numeric custom properties may return incorrect sum calculations
IV63452When an HA failover occurs, additional bonded interfaces will be removed
IV63457Active directory login fails when trying to authenticate to the API
IV63462PDF report filenames with chinese characters that are mailed do not retain correct chinese characters in the attachment name
IV63610The 'wrap text' check box does not work when selected for viewing Cisco IDS event payloads
IV63733Tunnelrdate warning messages generated even when not using encryption between console and managed host
IV63742'BB:CategoryDefinition: countries/regions with no remote access' contains an incorrect location name
IV63743Selecting a language option other than english for QRadar Log Manager does not work
IV63792The destination IP sourceport is appended to the destination IP when querying type-b superflows
IV63798Network activity search right click filter options for an application is or is not 'other' does not return correct results
IV63799Change in locale settings from english to any other language causes no data results from flow data application searches
IV64011The number of data variables in an offense CRE SNMP trap does not match that of the associated QRadar file
IV64141QRadar patch may fail or complete but with errors that reference 722_patch_58912.install
IV64252Reference map of maps does not work as described in the QRadar Admin Guide documentation
IV64738QFlow process stops and then fails to start
IV64977Log activity advanced search that specifies using 'logsourcegroupname' only returns results from the group 'other'
IV65081Multiple vulnerabilities in IBM QRadar SIEM (cve-2014-0075, cve-2014-0096, cve-2014-0119)
IV65711Multiple vulnerabilities in IBM QRadar SIEM (cve-2014-3508, cve-2014-3511)
IV66371Rules no longer firing after a reference set is found to be empty or does not exist
IV66785The partition /store/ariel/persistent_data is not monitored by disk sentinel
IV66787No flow information is displayed when using non-english locale in some instances
IV66874The 'admin' tab, 'remote networks and services configuration' page does not load correctly in the QRadar UI

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
17 June 2018

UID

swg27043803