Release Notes
Abstract
A list of issues that were fixed in IBM Security QRadar SIEM V7.2.6.
To see the issues that were fixed in a QRadar SIEM V7.2.6 patch release, see the Resolved Issues list in the Patch Release Notes.
Content
| Number | Description |
|---|
| IV54477 | During the reboot phase of a QRadar upgrade, the system might hang due to multiple SSH sessions |
| IV61182 | Message "java.lang.illegalargumentexception" when trying to filter on connection type |
| IV61296 | Report time zone defaults to first value (GMT-11) for various time zones |
| IV69344 | Hostservices sometimes does not restart the IMQ process |
| IV69368 | Search parameter value fields currently have a maximum 255 character restriction |
| IV69371 | Manually created network hierarchy object named 'other' will not display in rules |
| IV69642 | Asset search filter 'add filter' not working as expected |
| IV70531 | Custom rules no longer fire after switching an event rule to a common rule |
| IV70532 | Clean assets with port vulnerabilities setting is worded incorrectly |
| IV70533 | AQL: 'where' clause ordering affects time range limiters (start and stop) |
| IV70632 | The 'category' selection in the rule wizard is not consistent with the rest of the UI |
| IV70661 | Reference sets populated with QRadar field like "event name" and "log source" cannot be used in rules or filters properly |
| IV70827 | Exporting offenses to CSV format can cause the "allnotes" field to parse incorrectly |
| IV71188 | Multiple unique SAR notifications from certain system events can get grouped into 1 event |
| IV71205 | QRadar UI may incorrectly return message 'Data re-balancing is complete with errors' while the logs indicate it is not complete |
| IV71208 | Improper regex for default 'flow source' custom property |
| IV71506 | Updating a console with a public IP address causes deployment editor to no longer save changes |
| IV71766 | Modifying the ariel hashing algorithm requires two full deploys to take effect |
| IV72519 | Generated offense emails contain incorrect 'last observed' date of '1 Jan 1970' |
| IV72676 | Store and forward collector is unable to load the bandwidth limiting rules after patching |
| IV72738 | User locale setting resets to QRadar default (English) after user role change |
| IV72888 | Error when performing QRadar advanced searches when ordering by "Byte" column |
| IV72903 | System notification error 'Out of memory discovered for host context' during backup process |
| IV72919 | QRadar Incident Forensics - PCAP appliance 'network throughput graph' shows larger than expected fluctuations |
| IV72922 | Calculation-based custom event property fields are not displayed in the flow and event detail pages |
| IV73026 | QRadar Incident Forensics - Creating more than 40 cases in Case Management generates errors in the forensics.log file |
| IV73207 | Global view configuration persists after global view is deleted causing unexpected results |
| IV73343 | Searches that include comma separated IP addresses as a filter fail with error "There was a problem performing the query..." |
| IV73345 | Changes made to displayed column and saved as a new asset quick search are not honored on subsequent asset pages |
| IV73479 | Unable to delete a reference set |
| IV73510 | Generated report pie charts display an alphanumeric string in the legend |
| IV73598 | 'NetBiosGroup' asset updates are not occurring |
| IV73625 | Performing a full deploy interrupts QRadar searches that are in progress |
| IV73630 | Searching for a log source by name requires clicking the 'Go' button |
| IV73697 | 'Parse error...' message pop up when logging out of the QRadar user interface |
| IV73915 | "illegalstateexception" error observed in QRadar logging after saving a log source |
| IV73916 | "qidmapfactory" error observed in QRadar logging after full deploy or other ECS service restart |
| IV74082 | Restoring a configuration backup that was taken from a QRadar NAT environment to a non-NAT environment fails |
| IV74103 | On demand QRadar configuration backups do not start if scheduled configuration backups are disabled |
| IV74152 | If 128 or more user roles have been created, some users may appear to have the Admin role in user details dropdown |
| IV74154 | Performing a partial configuration restore that includes assets can fail on asset vulnerability information |
| IV74229 | X-Force rules might be classified as expensive custom rules |
| IV74286 | Log source reports might not include child log sources from selected parent log source groups |
| IV74397 | Store and forward appliances (15xx) memory tunings can cause ECS-EC to run out of memory |
| IV74552 | 'Send feedback' check box does not work as expected |
| IV74555 | "Please try again' from hosts with encryption enabled |
| IV74559 | Searches that include search filters containing an IP address with a preceding or trailing blank space do not return results |
| IV74894 | Content management tool (CMT) fails to import reference data of type 'string' that begins with a numeral |
| IV74956 | High availability configuration restore can fail with error 'Backup from a non-HA standby system cannot be restored...' |
| IV75075 | The 'test group' drop down menu of the rule wizard: rule test stack editor displays 'network property tests' twice |
| IV75109 | Offense email responses do not work due to the alert-config.xml file being emptied |
| IV75112 | Creating a high availability pair can fail when the appliance hostname(s) are longer than 54 characters |
| IV75203 | Repeated QRadar.error logging of '[Warn] no PID file /store/tmp/status/qflow.pid yet] |
| IV75920 | 'Send to forwarding destination' rule response is not an available option for flow and offense rules |
| IV75957 | Changes in how QRadar creates tunnels can cause deployment failures if configured with an encrypted offsite console |
| IV75958 | Deployments fail and hostcontext won't start after using qchange_netsetup with a bonded management interface |
| IV76161 | Error during appliance boot '...prepare_io_scheduler: line 22: echo: write error : invalid argument' |
| IV76217 | Error 'Host already exists in server host table' when attempting to add a high availability secondary |
| IV76403 | QRadar login attempts can create duplicate user profiles when LDAP group authorization is configured |
| IV76406 | Assets that have multiple operating systems defined and have scan vulnerabilities identified can cause 'stored' events |
| IV77431 | Authentication token information might not be restored after performing a configuration backup restore |
| IV77644 | 'Assetuser' and 'assethostname' functions generate errors when using ariel_query or api_client from the QRadar backend |
| IV77924 | Some QRadar Incident Forensics integrated console logging is being written to the incorrect log file |
| IV78408 | Running concurrent searches on a QRadar appliance that is experiencing heavy load can cause nullpointerexceptions |
| IV78479 | Performing quick filter searches can sometimes return an error 'The server encountered a file access error' |
| IV78537 | Historical correlation can cause generated offenses for rules without offense rule responses |
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg27046694