IBM Support

QRadar: Why am I no longer able to see geo locations "misc.SatelliteProvider" and "misc.AnonymousProxy" in log activity search criteria?

Question & Answer


Question

QRadar: Why am I no longer able to see geo locations "misc.SatelliteProvider" and "misc.AnonymousProxy" in log activity search criteria? Or why do my rules using those either of those fields end in error?

Answer

Those 2 entries ("misc.SatelliteProvider" and "misc.AnonymousProxy) are only in a new install of the product or in a server that has not had the auto updates run.  The fields are removed once auto update runs.
It is removed because both of those were deprecated fields were deprecated by MaxMind. According to MaxMind , "is_anonymous_proxybooleanDeprecated" and "is_satellite_providerbooleanDeprecated. "
If there are rules in the environment referring to either of those fields, update the rules to remove those fields since MaxMind is no longer providing that updated information and/or providing it as part of the free account.

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwtEAAQ","label":"Log Activity"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
25 April 2024

UID

ibm17149562