Question & Answer
Question
QRadar: Why am I no longer able to see geo locations "misc.SatelliteProvider" and "misc.AnonymousProxy" in log activity search criteria? Or why do my rules using those either of those fields end in error?
Answer
Those 2 entries ("misc.SatelliteProvider" and "misc.AnonymousProxy) are only in a new install of the product or in a server that has not had the auto updates run. The fields are removed once auto update runs.
It is removed because both of those were deprecated fields were deprecated by MaxMind. According to MaxMind , "is_anonymous_proxybooleanDeprecated" and "is_satellite_providerbooleanDeprecated. "
If there are rules in the environment referring to either of those fields, update the rules to remove those fields since MaxMind is no longer providing that updated information and/or providing it as part of the free account.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwtEAAQ","label":"Log Activity"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
25 April 2024
UID
ibm17149562