IBM Support

Release of QRadar 7.2.8 Patch 14 (7.2.8.20181017162208)

Release Notes


Abstract

Installation instructions, new features, and the resolved issues list for the release of IBM Security QRadar 7.2.8 Patch 14 (7.2.8.20181017162208).

Content

Important advisories in this update
This QRadar software update includes an operating system mitigation for the side-channel analysis vulnerabilities known as Spectre (Variant 1) and Meltdown (Variant 3). Due to a potential change to search performance in Meltdown (Variant 3), a new installation prompt is displayed to administrators so they can decide how the mitigation is applied. Installation of this update is not intended to, nor will it, provide mitigation measures against Spectre Variant 2 (CVE-2017-5715). The mitigation for Variant 2/Spectre requires an OEM microcode/BIOS update on appliances. For information about other variants for Spectre and Meltdown, see the following IBM Flash Notice: http://www.ibm.com/support/docview.wss?uid=swg22012320.

This update contains a mitigation for CVE-2017-5754 Variant 3/Meltdown provided by Red Hat that can impact search performance. Administrators must read the release notes before they install this update.

Choices:
1) Enable: Turn ON the mitigation for Variant 3/Meltdown on all appliances.
2) Disable: Turn OFF the mitigation for Variant 3/Meltdown on all appliances. IF YOU CHOOSE NOT TO ENABLE THIS UPDATE TO ADDRESS CVE-2017-5754, YOU WILL NOT HAVE ANY PROTECTION AGAINST VARIANT 3/MELTDOWN.
3) Abort patch.


CVEID: CVE-2017-5753 (Variant 1/Spectre)
MITIGATION: Enabled by default during the installation of QRadar 7.2.8 Patch 13 and cannot be disabled.
DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a bounds check bypass in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to cross the syscall boundary and read data from the CPU virtual memory.
IMPACT: No performance impact.

CVEID: CVE-2017-5754 (Variant 3/Meltdown)
MITIGATION: An installation prompt is provided to enable or disable this mitigation on appliances. A utility is also provided to allow administrators to enable or disable the mitigation for CVE-2017-5754 (Variant 3/Meltdown) post-installation; see Installation wrap-up for further details. IBM cannot be held responsible for risks incurred by administrators who do not enable the mitigation of CVE-2017-5754 (Variant 3/Meltdown).
IF YOU CHOOSE NOT TO ENABLE THIS UPDATE TO ADDRESS CVE-2017-5754, YOU WILL NOT HAVE ANY PROTECTION AGAINST VARIANT 3/MELTDOWN.
DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a rogue data cache load in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to cause the CPU to read kernel memory from userspace before the permission check for accessing an address is performed.
IMPACT: Search performance degradation has been observed on appliances when the mitigation for Variant 3/Meltdown is enabled. Administrators who want to evaluate search duration on appliances before they apply the mitigation can review the following technical note: Search performance evaluation for CVE-2017-5754 (Variant 3/Meltdown).

 


Firmware notice
The mitigation for Variant 2/Spectre requires an OEM microcode/BIOS update on appliances. For more information on firmware releases, see: https://ibm.biz/qradarfirmware.

 


Performance assessment summary
Administrators can expect performance degradation after they enable the mitigation for the vulnerability.

  • A 3% to 6% increase in CPU utilization has been observed across all workloads on appliances after the mitigation is applied.
  • Search performance for most common search types has been observed to degrade by 0% to 10%, with the following exceptions:
    • Searches that use indexed criteria and match a moderate number of results (less than 10% of the total searched dataset) are expected to be degraded by 3% to 20%.
    • Open-ended searches that have no limit applied to the query and return a very large number of results (30% of the total searched dataset or more) are expected to be degraded by up to 2x.
  • The impact on data processing is estimated to be in the 0% to 20% range.
  • High availability on a 1 Gbit network is not affected. The initial high availability setup speed and catch-up replication speed after fail-over will be lower on a 10 Gbit network. However, the replication rate is still in the multiple hundreds of MB/s, which is sufficient for real-time replication.

 

Upgrade information


Fix packs are cumulative software updates to fix known software issues in your QRadar deployment. QRadar fix packs are installed by using an SFS file. The fix pack can update all appliances attached to the QRadar Console. If your deployment is installed with any of the following QRadar versions, you can install fix pack 7.2.8-QRADAR-QRSIEM-20181017162208 to upgrade to QRadar 7.2.8 Patch 14:

 

 

Current QRadar Version | Upgrades to QRadar 7.2.8 Patch 14?
QRadar 7.2.3 (any patch level) or earlier | No, a minimum of QRadar 7.2.4 is required.
QRadar 7.2.4 (any patch level) | Yes
QRadar 7.2.5 (any patch level) | Yes
QRadar 7.2.6 (any patch level) | Yes
QRadar 7.2.7 (any patch level) | Yes
QRadar 7.2.8 (any patch level) | Yes

 

 

 

The 7.2.8-QRADAR-QRSIEM-20181017162208 fix pack can upgrade QRadar 7.2.4 (7.2.4.983526) and later to the latest QRadar 7.2.8 software version. However, this document does not cover all of the installation messages and requirements, such as changes to memory requirements or browser requirements for QRadar. To review any additional requirements, see the QRadar Upgrade Guide. If you are on a version of QRadar earlier than QRadar 7.2.4, you must upgrade to QRadar 7.2.4 before proceeding to QRadar 7.2.8.

 

 


 

 

 

Before you begin


Ensure that you take the following precautions:

  • To avoid access errors in your log file, close all open QRadar sessions.
  • The fix pack for QRadar cannot be installed on a managed host that is at a different software version from the Console. All appliances in the deployment must be at the same software revision to patch the entire deployment.
  • Verify that all changes are deployed on your appliances. The patch cannot install on appliances that have changes that are not deployed.
  • The .SFS file for QRadar 7.2.8 Patch 14 can only update existing QRadar installations. A QRadar 7.2.8 ISO is available for administrators who want to install a new appliance or virtual machine. Administrators who want to complete a new install should review the QRadar Installation Guide.

 

 

Installing the QRadar 7.2.8 Patch 14 Fix Pack


The instructions guide administrators through the process of upgrading an existing QRadar version at 7.2.4 or higher to the newest software version. If the administrator is interested in updating appliances in parallel, see: QRadar: How to Update Appliances in Parallel.

Procedure
This release of QRadar 7.2.8 Patch 14 supersedes all other QRadar 7.2.8 builds.

  1. Download the fix pack to install QRadar 7.2.8 Patch 14 from the IBM Fix Central website: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Security+QRadar+Vulnerability+Manager&fixids=7.2.8-QRADAR-QRSIEM-20181017162208&function=fixId&parent=IBM%20Security
  2. Using SSH, log in to your system as the root user.
  3. Copy the fix pack to the /tmp directory on the QRadar Console. Note: If space in the /tmp directory is limited, copy the fix pack to another location that has sufficient space.
  4. To create the /media/updates directory, type the following command: mkdir -p /media/updates
  5. Change to the directory where you copied the patch file. For example, cd /tmp
  6. To mount the patch file to the /media/updates directory, type the following command:
    mount -o loop -t squashfs 728_QRadar_patchupdate-7.2.8.20181017162208.sfs /media/updates
  7. To run the patch installer, type the following command: /media/updates/installer
    Note: The first time that you run the fix pack, there might be a delay before the fix pack installation menu is displayed.
  8. Using the patch installer, select all.
    • The all option updates the software on all appliances in the following order:
      1. Console
      2. No order required for remaining appliances. All remaining appliances can be updated in any order the administrator requires.
    • If you do not select the all option, you must select your Console appliance.

    As of QRadar 7.2.6 Patch 4 and later, administrators are only provided the option to update all or update the Console appliance. Managed hosts are not displayed in the installation menu to ensure that the Console is patched first. After the Console is patched, a list of managed hosts that can be updated is displayed in the installation menu. This change was made starting with QRadar 7.2.6 Patch 4 to ensure that the Console appliance is always updated before managed hosts to prevent upgrade issues.

    If administrators want to patch systems in series, they can update the Console first, then copy the patch to all other appliances and run the patch installer individually on each managed host. The Console must be patched before you can run the installer on managed hosts. When updating in parallel, there is no order required in how you update appliances after the Console is updated.

    If your Secure Shell (SSH) session is disconnected while the upgrade is in progress, the upgrade continues. When you reopen your SSH session and rerun the installer, the patch installation resumes.

     

 

Installation wrap-up

 

  1. Due to the potential search performance change when the mitigation for CVE-2017-5754 (Variant 3/Meltdown) is enabled, the installation of QRadar 7.3.1 Patch 4 includes a utility to allow administrators to enable or disable the mitigation after the initial installation completes. Administrators must be aware of the security implications if they choose to use this utility to disable the mitigation for CVE-2017-5754 (Variant 3/Meltdown). IBM cannot be held responsible for risks incurred by administrators who choose to disable the mitigation for CVE-2017-5754.
    • To enable the mitigation on all hosts from the QRadar Console, type: /opt/qradar/bin/configure-spectre-meltdown-fixes.sh enable-all
    • To enable the mitigation on an individual appliance, SSH to the individual appliance and type: /opt/qradar/bin/configure-spectre-meltdown-fixes.sh enable 
    • To disable the mitigation on all hosts from the QRadar Console, type: /opt/qradar/bin/configure-spectre-meltdown-fixes.sh disable-all
    • To disable the mitigation on an individual appliance, SSH to the individual appliance and type: /opt/qradar/bin/configure-spectre-meltdown-fixes.sh disable 
  2. After all hosts are updated, advise your team that they must clear their browser cache before logging in to QRadar SIEM.
  3. To unmount the /media/cdrom directory on all hosts, type:
    /opt/qradar/support/all_servers.sh -C -k "umount /media/updates"
  4. Delete the SFS file from all appliances.

    Results
    The installation is complete. For more information about the security fixes in this release, see the resolved issues list.
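
An added check, not part of IBM's release notes or tooling, that an administrator could run on an appliance after the wrap-up steps to confirm that the kernel's reported Meltdown state matches the choice made at the installer prompt or with configure-spectre-meltdown-fixes.sh. It assumes the appliance kernel exposes the Linux sysfs file /sys/devices/system/cpu/vulnerabilities/meltdown and honours the nopti / pti=off boot parameters; the function names are hypothetical and the demo input is constructed.

```shell
#!/bin/sh
# Added example: audit the kernel's reported Meltdown (CVE-2017-5754) state
# against the choice the administrator made (enable or disable).
# Assumption: the kernel exposes the sysfs file below. Kernels that lack it
# are reported as "unknown" rather than guessed at.
MELTDOWN_SYSFS="${MELTDOWN_SYSFS:-/sys/devices/system/cpu/vulnerabilities/meltdown}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# meltdown_state [FILE]
# Prints one of: mitigated | vulnerable | not-affected | unknown
meltdown_state() {
    f="${1:-$MELTDOWN_SYSFS}"
    [ -r "$f" ] || { echo unknown; return 0; }
    line=""
    read -r line < "$f" || true   # tolerate a missing trailing newline
    case "$line" in
        "Mitigation:"*)  echo mitigated ;;
        "Not affected"*) echo not-affected ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# boot_disables_pti [FILE]
# Returns 0 when the boot command line turns page-table isolation off.
boot_disables_pti() {
    f="${1:-$CMDLINE_FILE}"
    [ -r "$f" ] || return 1
    # One token per line, then match whole tokens only.
    tr -s ' \t' '\n\n' < "$f" | grep -qxE 'nopti|pti=off'
}

# audit_host EXPECTED [SYSFS_FILE] [CMDLINE_FILE]
# EXPECTED is "enable" or "disable".
# Prints a one-line verdict; returns 0 (OK), 1 (DRIFT) or 2 (UNKNOWN).
audit_host() {
    expected="$1"
    state=$(meltdown_state "${2:-$MELTDOWN_SYSFS}")
    if boot_disables_pti "${3:-$CMDLINE_FILE}"; then
        boot_pti=off
    else
        boot_pti=on
    fi
    verdict=DRIFT; rc=1
    case "$expected:$state:$boot_pti" in
        # Mitigation wanted: it must be active now and not disabled at boot.
        enable:mitigated:on|enable:not-affected:*)   verdict=OK; rc=0 ;;
        # Mitigation declined: the kernel should report the unmitigated state.
        disable:vulnerable:*|disable:not-affected:*) verdict=OK; rc=0 ;;
        *:unknown:*)                                 verdict=UNKNOWN; rc=2 ;;
    esac
    echo "$verdict expected=$expected state=$state boot_pti=$boot_pti"
    return "$rc"
}

# Demo on constructed sample files (not captured from a real appliance):
# the running kernel reports the mitigation, but the boot line disables it,
# so the setting would not survive a reboot and is flagged as DRIFT.
demo() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'ro root=/dev/mapper/rootvg-root nopti quiet\n' > "$d/cmdline"
    audit_host enable "$d/meltdown" "$d/cmdline" || true
    rm -rf "$d"
}

# With an argument (enable|disable) audit this host; otherwise run the demo.
if [ "$#" -gt 0 ]; then
    audit_host "$1"
else
    demo
fi
```

A non-zero exit status lets the check feed a monitoring job, so an appliance that was left unmitigated, or that would lose the mitigation at the next reboot, is reported rather than discovered later.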

 

 

Resolved issues


Legend: ** characters displayed next to an APAR indicate that the issue was discovered in another software version, such as QRadar 7.3.0, and that a fix was created to resolve this issue in 7.2.8 Patch 10. Some APAR links in the table below might take 24 hours to display properly after a software release.

 

 

 

Resolved issues in QRadar 7.2.8 Patch 14
Product Component Number Description
QRADAR SECURITY BULLETIN CVE-2018-2952 Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM
QRADAR SECURITY BULLETIN CVE-2018-1728 IBM QRadar SIEM is vulnerable to Cross-Site Scripting
QRADAR SECURITY BULLETIN CVE-2018-1730 IBM QRadar SIEM is vulnerable to XML External Entity Injection
QRADAR SECURITY BULLETIN CVE-2017-1622 The Application framework within IBM QRadar SIEM is vulnerable to Improper Certificate Validation
QRADAR RULES IV98895 RULE RESPONSE LIMITER FOR ANOMALY (THRESHOLD) RULES IS NOT FUNCTIONING AS EXPECTED
QRADAR DOMAINS IJ07713 QRADAR DOES NOT ALLOW ALL TOP LEVEL DOMAINS IN EMAIL ADDRESS DATA VALIDATION, CAN RETURN 'EMAIL ADDRESS IS NOT VALID'
QRADAR OFFENSES IJ07710 OFFENSE EXPORT TEMPLATE FIELD ORDER CHANGED AFTER PATCHING QRADAR
QRADAR REPORTS IJ07276 RTF FORMATTED REPORTS CAN FAIL TO GENERATE WITH A NULLPOINTEREXCEPTION DISPLAYED IN THE LOGS
QRADAR REPORTS IJ06862 REPORT RUNNER OUT OF MEMORY CAN OCCUR WHILE ATTEMPTING TO GENERATE VERY LARGE TABLE CHART PDF REPORTS
QRADAR SEARCHES IJ06807 MODIFYING THE START TIME FOR A LOG ACTIVITY SEARCH CAUSES A BLANK UI WINDOW FOR SOME QRADAR USER LOCALES
QRADAR SEARCHES IJ06611 POP UP WINDOW WITH NO SEARCH RESULTS WHEN DRILLING DOWN INTO SEARCH RESULTS
QRADAR ASSETS IJ05756 WHEN AN ASSET HAS A 'GIVEN NAME' ASSIGNED, ANY SUBSEQUENT ASSET NAME CHANGES DO NOT OCCUR IN 'EDIT ASSET PROFILE' WINDOW
QRADAR REPORTS IJ05334 TABLE REPORT VALUE FORMATTING CAN DISPLAY INCORRECTLY FOR AQL AGGREGATED DATA
QRADAR VULNERABILITY MANAGER REPORTS IJ04217 VULNERABILITIES REPORT CAN SOMETIMES GENERATE A REPORT RUNNER OUT OF MEMORY EXCEPTION
QRADAR OFFENSES IV90797 DISPLAYING OFFENSE COUNT BY CATEGORY AND/OR NETWORK DOES NOT RESPECT USER ACCOUNT DOMAIN CONFIGURATION
QRADAR REPORTS IV85637 TOP SOURCES AND TOP DESTINATION DASHBOARD SEARCHES REPORT DATA FROM ALL DOMAINS NOT JUST THE CONFIGURED ONES
QRADAR FLOWS IV84601 CATEGORIZATION OF OFF-SITE SOURCE AND TARGET FOR FLOWS DISPLAYS AS 'UNKNOWN' AND APPLICATION DISPLAYS AS 'OTHER'
QRADAR OFFENSES IJ07012 OFFENSE RENAMING OPTION IS NOT WORKING AS EXPECTED WHEN USING TRIGGERTIMEOUT INTERVAL, DISPLAYS AS 'INFORMATION - EVENT CRE'
QRADAR EVENTS IJ06381 EVENTS FORWARDED VIA AN OFFENSE RULE DO NOT HAVE A VALID SYSLOG HEADER APPENDED
QRADAR OFFENSES IJ05963 OFFENSES INDEXED BY A CUSTOM EVENT PROPERTY WITH FIVE SEQUENTIAL POUNDS SIGNS CAN CAUSE OFFENSES TO STOP
QRADAR ASSETS IJ02816 APPLICATION DATA CONTINUES TO BE SENT TO THE ASSET MODEL AFTER DISABLING 'CLIENT APPLICATION PROFILING'
QRADAR NETWORK INSIGHTS FLOWS IJ06871 QRADAR NETWORK INSIGHTS ATTRIBUTES ARE NOT BEING FORWARDED THROUGH QFLOW
QRADAR APPS IJ02457 UNPARSED CRE EVENTS CONTAINING 'WHERE CATEGORY BETWEEN..." OBSERVED WHEN USER BEHAVIOR ANALYTICS (UBA) APP INSTALLED
QRADAR APPS IJ04174 APPS TABS CAN BE SLOW TO LOAD AND/OR FAIL TO LOAD IN THE USER INTERFACE DUE TO DOCKER FREE SPACE PROVISIONING
QRADAR LOG SOURCES IV87195 SOME QRADAR CONFIGURATIONS CONTAINING A LARGE NUMBER OF LOG SOURCES CAN SOMETIMES EXPERIENCE PERFORMANCE DEGRADATION
QRADAR CONTENT MANAGEMENT IJ04182 CONTENT MANAGEMENT TOOL CAN FAIL DURING THE IMPORT OF CUSTOM_ACTION TABLES
QRADAR TABLES IJ05311 GARP REQUEST DURING HA_SETUP.SH CAN SOMETIMES BE BLOCKED BY A NETWORK SWITCH PREVENTING ARP TABLES FROM BEING UPDATED
QRADAR APPLIANCES IJ02465 ISSUES CAN BE ENCOUNTERED AFTER PATCHING A HIGH AVAILABILITY PRIMARY HOST THAT WAS REBUILT USING HA RECOVERY PROCEDURE
QRADAR RISK MANAGER EVENTS IV94164 QRM RULE EVENT COUNTS CAN BE INCONSISTENT
QRADAR RISK MANAGER SIMULATIONS IJ03668 SIMULATIONS USING PARAMETER 'ARE SUSCEPTIBLE TO VULNERABILITIES WITH CVSS SCORE GREATER THAN 5' RETURN INCORRECT RESULTS
QRADAR VULNERABILITY MANAGER REPORTS IV94159 QVM SCANS COMPLETE BUT THE ASSOCIATED SCANS REPORTS CAN SOMETIMES FAIL
QRADAR VULNERABILITY MANAGER DEPLOYMENT IJ06758 'QVM IS IN THE PROCESS OF BEING DEPLOYED' WHEN SELECTING THE VULNERABILITIES TAB IN THE QRADAR USER INTERFACE
QRADAR VULNERABILITY MANAGER SEARCHES IJ04164 RUNNING A MANAGE VULNERABILITY ASSET SEARCH CAN SOMETIMES FAIL WITH 'APPLICATION ERROR'
QRADAR VULNERABILITY MANAGER ASSETS IJ00941 EXCEPTIONED VULNERABILITIES ARE STILL APPEARING IN MANAGE VULNERABILITY VIEW FOR SOME ASSETS
QRADAR VULNERABILITY MANAGER SCANS IJ00331 "SCAN PROFILE ALREADY RUNNING" MESSAGE DISPLAYED WHEN VIEWING A CONFIGURED SCAN THAT HAS AN OPERATIONAL WINDOW CONFIGURED
QRADAR SCANS IV97516 'WHEN THE DESTINATION IS VULNERABLE TO CURRENT EXPLOIT ON ANY PORT' RULE TEST STOPS WORKING AFTER VULNERABILITY SCAN
QRADAR API IJ06032 CHANGES MADE WITHIN THE INCLUDED QRADAR API CHANGED HOW SOME QRADAR APPS FETCH DATA (EG. USER BEHAVIOR ANALYTICS - UBA)
QRADAR VULNERABILITY MANAGER WINCOLLECT IV99280 CHANGES MADE TO THE WINCOLLECT SERVER CONFIGURATION ARE NOT PUSHED OUT TO WINCOLLECT AGENTS

Resolved issues in QRadar 7.2.8 Patch 13
Product Component Number Description
QRADAR SECURITY BULLETIN CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 IBM QRADAR SIEM HAS RELEASED 7.3.1 PATCH 4 AND 7.2.8 PATCH 13 IN RESPONSE TO THE VULNERABILITIES KNOWN AS SPECTRE AND MELTDOWN

Issues resolved in QRadar 7.2.8 Patch 12
Product Component Number Description
QRADAR SECURITY BULLETIN CVE-2018-1418 IBM QRadar Incident Forensics, as found in IBM QRadar SIEM, is vulnerable to an authentication bypass leading to remote command injection
QRADAR SECURITY BULLETIN CVE-2017-1724 IBM QRadar SIEM is vulnerable to cross-site scripting
QRADAR SECURITY BULLETIN CVE-2017-1723 IBM QRadar Incident Forensics, as used in IBM QRadar SIEM, is vulnerable to authenticated path traversal
QRADAR SECURITY BULLETIN CVE-2017-1722 IBM QRadar SIEM is vulnerable to SQL Injection
QRADAR SECURITY BULLETIN CVE-2017-1721 IBM QRadar Incident Forensics, as found in IBM QRadar SIEM, is vulnerable to remote code execution
QRADAR SECURITY BULLETIN CVE-2014-3576 IBM QRadar SIEM contains vulnerable components and libraries
QRADAR SECURITY BULLETIN CVE-2011-4314 IBM QRadar SIEM contains vulnerable components and libraries
QRADAR SECURITY BULLETIN CVE-2016-4970 IBM QRadar SIEM contains vulnerable components and libraries
QRADAR SECURITY BULLETIN CVE-2015-5262 IBM QRadar SIEM contains vulnerable components and libraries
QRADAR SECURITY BULLETIN CVE-2016-3092 QRadar SIEM contains vulnerable components
QRADAR SECURITY BULLETIN CVE-2015-0250 IBM QRadar SIEM contains vulnerable components
QRADAR SECURITY BULLETIN CVE-2016-9878 IBM QRadar SIEM contains vulnerable components and libraries
QRADAR SECURITY BULLETIN CVE-2015-5262 IBM QRadar SIEM contains vulnerable components and libraries
QRADAR RULES IJ02437 BUILDING BLOCKS CAN FAIL TO WORK AS EXPECTED WHILE RULES ARE BEING RELOADED
QRADAR NETWORK INSIGHTS FLOWS IV99710 FLOWS UNEXPECTEDLY ARE NO LONGER BEING RECEIVED FROM A QRADAR NETWORK INSIGHTS APPLIANCE
QRADAR TEST MESSAGES IV98932 /VAR/LOG/ PARTITION CAN BECOME FILLED DUE TO REPEATED TEST EXCEPTION MESSAGES BEING LOGGED
QRADAR CUSTOM PROPERTIES IV98710 ATTEMPTING TO USE THE VALID REGEX (?I) (FOR CASE INSENSITIVE) IN A CUSTOM PROPERTY FAILS WITH "REGEX IS INVAILD"
QRADAR USER INTERFACE IV98655 REFERENCE SETS THAT CONTAIN LARGE DATASETS THAT ARE LOADED VIA THE API CAN SOMETIMES CAUSE UI INSTABILITY/INACCESSIBILITY
QRADAR CUSTOM PROPERTIES IV98452 EMAIL RESPONSE USING CUSTOM EMAIL TEMPLATE DISPLAYS A TEMPLATE STRING CODE INSTEAD OF 'N/A' FOR NULL CUSTOM PROPERTIES
QRADAR NETWORK INSIGHTS DEPLOYMENT EDITOR IV98422 DEPLOYMENT EDITOR NO LONGER LOADS AFTER ADDING A QNI APPLIANCE TO THE DEPLOYMENT WITH A NETFLOW SOURCE CONFIGURED
QRADAR USER INTERFACE IV98247 CLICKING 'SAVE' AFTER EDITING A SCAN POLICY CAN APPEAR TO HANG AND NOT SAVE SUCCESSFULLY
QRADAR VULNERABILITY MANAGER APPLIANCES IV97828 ADDING A QVM 600 APPLIANCE TYPE TO QRADAR DEPLOYMENT CAN FAIL TO MOVE OWNERSHIP OF THE FUSIONVM DATABASE PROPERLY
QRADAR SEARCHES IV97612 CREATING A GLOBAL VIEW BASED ON A SEARCH CONTAINING A QUICK FILTER DOES NOT WORK AS EXPECTED
QRADAR CONTENT TYPES IV97847 'INVOCATION WAS SUCCESSFUL, BUT TRANSFORMATION TO CONTENT TYPE\ "APPLICATION_JSON" FAILED' WHEN PULLING VIA THE API
QRADAR VULNERABILITY MANAGER QUERY IV97176 QVM CAN DISPLAY INCORRECT NUMBER OF 'FIXED' PATCH STATUS QUERY RESULTS
QRADAR OFFLINE FORWARDER IV96421 OFFLINE FORWARDER FEATURE CAN EXPERIENCE A BUFFEROVERFLOW EXCEPTION IN QRADAR LOGGING DUE TO LOG SIZE LIMIT SETTING
QRADAR SEARCHES IV95449 USING THE 'UPDATE' BUTTON ON A LOG ACTIVITY SEARCH PAGE THE DAY OF A DST (TIME) CHANGE MOVES THE START/END TIME ONE HOUR
QRADAR OFFENSES IV92376 OFFENSES CAN SOMETIMES NOT GENERATE WHEN A RULE RESPONSE TO CREATE A NEW OFFENSE INDEXED BY HOSTNAME (CUSTOM) IS CONFIGU
QRADAR CUSTOM PROPERTIES IV91660 CREATING A CUSTOM PROPERTY CALLED 'HOSTNAME' CAN BECOME CHANGED TO 'HOST NAME' UNEXPECTEDLY
QRADAR CUSTOM RULES ENGINE IV90379 RULES WITH A REGEX FILTER ON EVENT PROCESSOR CAN CAUSE PERFORMANCE DEGRADATION AND EVENTS WRITTEN TO STORAGE
QRADAR SEARCHES IV90066 'GENERAL FAILURE. PLEASE TRY AGAIN' WHEN PERFORMING A 'GROUP BY' SEARCH OF A PROPERTY, FILTERED AGAINST A REFERENCE SET
QRADAR DATABASE IV85442 THE X-FORCE SCASERVER PROCESS CAN FAIL TO START DUE TO DATABASE FILE CORRUPTION AFTER AN UPDATE
QRADAR SEARCHES IJ05096 QUICK SEARCHES CONTAINING AN 'AND' OPERATOR CAN SOMETIMES FAIL TO PROGRESS TO COMPLETION
QRADAR LOG SOURCES IJ04479 THE MBEAN FOR A (LSX) DSM EXTENSION IS NOT VISIBLE AFTER DEPLOY IS PERFORMED WHEN USED WITH A MANUALLY ADDED LOG SOURCE
QRADAR OFFENSES IJ04225 USING THE QRADAR API "GET /SIEM/OFFENSE" TO RETRIEVE A LIST OF OFFENSES CAN TAKE LONGER THAN EXPECTED TO COMPLETE
QRADAR APPLIANCES IJ04167 CANNOT ADD TO XX29 APPLIANCE TO 7.2.8.X QRADAR DEPLOYMENT AS COMPONENT TEMPLATES ARE SET AS VERSION 7.3.0 AND NOT 7.2.8
QRADAR NETWORK INSIGHTS CUSTOM APPLICATIONS IJ04056 PORT BASED APPLICATION MAPPINGS ARE IGNORED WHEN USING QRADAR NETWORK INSIGHTS
QRADAR ASSET SEARCH IJ03597 ASSET SEARCH LOGGING IS TOO VERBOSE CAUSING QRADAR.LOG TO BE WRITTEN TO UNNECESSARILY
QRADAR RISK MANAGER DATA BACKUPS IJ03493 RISK MANAGER DATA BACKUPS CAN FAIL WHEN TOO MANY TOPOLOGY FILES ARE ON DISK AND LEAD TO A FREE SPACE ISSUE ON /STORE PARTITION
QRADAR AQL IJ03405 AQL SEARCHES THAT OPEN THE LOG ACTIVITY PAGE AFTER COMPLETING CAN DISPLAY UNEXPECTED HTML CHARACTERS
QRADAR NETFLOW TRAFFIC IJ03342 NETFLOW TRAFFIC CONTAINING SUPERFLOWS CAN SOMETIMES REPORT INCORRECT FIRST/LAST PACKET TIME
QRADAR VULNERABILITY MANAGER SCANS IJ03246 ALL SCHEDULED SCANS THAT RUN ON DECEMBER 1ST START AT MIDNIGHT NO MATTER WHAT TIME THEY ARE CONFIGURED TO START
QRADAR OFFENSES IJ03028 'CREATED OFFENSE' EVENT IS NOT BEING GENERATED
QRADAR FLOWS IJ02836 NO FLOWS BEING RECEIVED FROM A QFLOW APPLIANCE
QRADAR CUSTOM PROPERTIES IJ02822 CUSTOM FLOW PROPERTIES ARE NOT BEING FORWARDED WHEN USING FORWARDING DESTINATION OPTION USING JSON
QRADAR REPORTS IJ02804 PRIORITY HEADER MISSING FROM PAYLOAD IN CSV EXPORT FROM AN AQL (ADVANCED) SEARCH CONTAINING A "GROUP BY"
QRADAR VULNERABILITY MANAGER SCANS IJ02773 OUT OF MEMORY CAN OCCUR WHEN PERFORMING AN EXPORT OF A LARGE SCAN RESULTS
QRADAR LOG SOURCES IJ02749 'TARGET EXTERNAL DESTINATIONS' BECOMES UNSELECTED AFTER PERFORMING A 'BULK EDIT' OF LOG SOURCES
QRADAR VULNERABILITY MANAGER LOGGING IJ02745 LOGGING IS TOO VERBOSE FOR VULNERABILITY NOT FOUND AND CAN CAUSE /VAR/LOG/ FREE SPACE ISSUES
QRADAR VULNERABILITY MANAGER SCANS IJ02572 SCAN RESULTS NOT BEING SENT TO BIGFIX
QRADAR APPLIANCES IJ02483 QRADAR CONFIG MAX FILES LIMIT CAN CAUSE A BUFFER OVERFLOW EXCEPTION IN THE SPILLOVER QUEUE IN LARGER QRADAR APPLIANCES
QRADAR DOCKER SHUTDOWN IJ02482 UNCLEAN DOCKER SHUTDOWN CAN LEAD TO QRADAR APP CONTAINERS FAILING TO START AND APPS NOT LOADING PROPERLY
QRADAR SEARCHES IJ02481 QRADAR ADVANCED SEARCH WITH TIME "SECOND" FIELD SET TO ANYTHING OTHER THAN " 0" HAS THE TIME "MINUTE" FIELD ROUNDED UP
QRADAR CUSTOM EVENT PROPERTIES IJ02471 WARNING MESSAGE DISPLAYED FOR IMPROPER TYPED CHARACTERS WHEN EDITING OR SAVING A CUSTOM EVENT PROPERTY NOT LOCALIZED
QRADAR RULES IJ02262 RULES IMPORTED FROM A SYSTEM WITH CONFIGURED DOMAINS TO A SYSTEM WITHOUT DOMAINS CAN SEE REFERENCE SET DATA ISSUES
QRADAR APPLICATIONS IJ02230 PERFORMING A SPLIT OF A HIGH AVAILABILITY PAIR CAN FAIL WITH "FAILED TO WIPE DRBD METADATA" ERROR WHEN APPS INSTALLED
QRADAR API IJ01996 USING THE QRADAR API WHEN AUTHENTICATING WITH AN AUTH TOKEN RETURNS DIFFERENT RESULTS THAN WITH USERNAME/PASSWORD AUTH
QRADAR SYSTEM NOTIFICATIONS IJ01869 "EVENT DROPPED WHILE ATTEMPTING TO ADD TO TENANT EVENT THROTTLE QUEUE. THE TENANT EVENTTHROTTLE QUEUE..." SYSTEM NOTIFICATION
QRADAR USER INTERFACE IJ01488 QRADAR'S TOMCAT PROCESS CAN RUN OUT OF AVAILABLE FILE HANDLES CAUSING USER INTERFACE STABILITY/FUNCTIONALITY ISSUES
QRADAR LOG ACTIVITY IJ01012 A REPORT RUN AGAINST A LOG ACTIVITY SAVED AQL SEARCH MAY BE GENERATED WITH AN ERROR
QRADAR NETWORK INSIGHTS KERNEL IJ00952 QNI DECAPPER STOPPED BECAUSE OF A RHEL OUT OF MEMORY FUNCTION
QRADAR CUSTOM EVENT PROPERTIES IJ00878 CUSTOM EVENT PROPERTY WITH SPACE IN ITS NAME IS NOT FORWARDED TO THE DESTINATION
QRADAR VULNERABILITY MANAGER SCANS IJ00368 SAVING A SCAN PROFILE CAN TAKE LONGER THAN EXPECTED
QRADAR USER INTERFACE IJ00059 SESSION LEAKS CAN CAUSE THE QRADAR USER INTERFACE TO BECOME REPEATEDLY INACCESSIBLE

Issues resolved in QRadar 7.2.8 Patch 11
Product Component Number Description
QRADAR LOG SOURCES IV99511** LOG SOURCE GROUP WINDOW CAN SOMETIMES FAIL TO LOAD WHEN GREATER THAN 1000 LOG SOURCES EXIST IN A GROUP
QRADAR VULNERABILITY MANAGER SCAN POLICY IV98930 'FAILED TO LOAD DATA' MESSAGE WHEN TRYING TO ADD NEW VULNERABILITIES INTO A PATCH SCAN POLICY
QRADAR DASHBOARDS IV98873** THE MESSAGE 'THERE WAS AN ERROR DOWNLOADING THIS ITEM' CAN SOMETIMES BE DISPLAYED IN A DASHBOARD WIDGET
QRADAR APPLICATIONS IV98744 HOSTCONTEXT OUT OF MEMORY INSTANCES CAN SOMETIMES OCCUR DURING BACKUP OF QRADAR APPS
QRADAR LOG SOURCES IV98493 BULK ADD/EDIT OF MORE THAN 100 LOG SOURCES CAN FAIL
QRADAR LOG SOURCES IV98436 UNABLE TO PERFORM A BULK ADD OF LOG SOURCES
QRADAR API IV98260 COMMAS ARE TREATED AS "OR" IN QUICK FILTER SEARCHES CAUSING VARIED SEARCH RESULTS
QRADAR SEARCHES IV98190 'FAILED TO LOAD DATA' MESSAGE WHEN TRYING TO ADD NEW VULNERABILITIES INTO A PATCH SCAN POLICY
QRADAR SEARCHES IV98100 ADDING A REGEX FILTER TO A SEARCH CAN GENERATE ERROR 'FATAL EXCEPTION IN VALIDATIONEXCEPTION: THIS IS NOT A VALID...'
QRADAR LOG SOURCE EXTENSIONS IV97847 LOG SOURCE EXTENSIONS CAN EXPERIENCE SINGLE-DIGIT DATE PARSING ISSUES
QRADAR VULNERABILITY MANAGER VULNERABILITY ASSIGNMENT IV97523 UNABLE TO ADD NEW CIDR RANGES IN VULNERABILITY ASSIGNMENT SCREEN
QRADAR SEARCHES IV97151** 'THE SERVER ENCOUNTERED AN ERROR READING ONE OR MORE FILES' WHEN PERFORMING A LOG ACTIVITY SEARCH
QRADAR DOCKER IV95751** 'THE SERVER ENCOUNTERED AN ERROR READING ONE OR MORE FILES' WHEN PERFORMING A LOG ACTIVITY SEARCH
QRADAR REPORTS IV95248** 'THE SERVER ENCOUNTERED AN ERROR READING ONE OR MORE FILES' WHEN PERFORMING A LOG ACTIVITY SEARCH
QRADAR PATCH IV93699 PATCH TO 7.2 MR1 HANGS ON REBOOT IF A NEW SESSION IS OPENED PRIOR TO REBOOTING
QRADAR OFFENSES IV91301** 'OFFENSE SEARCH EXCLUSION FILTERS CONTAINING A DEFINED NETWORK HIERARCHY PARAMETER DO NOT RESPECT THE EXCLUSION
QRADAR CUSTOM RULES ENGINE IV85841 QRADAR SYSTEM DEGRADATION AND/OR DROPPED EVENTS CAN BE CAUSED BY SOME VULNERABILITY CRE TESTS
QRADAR RISK MANAGER GRAPHS IV87193 THE QRM 'DOWNLOAD IMAGE' BUTTON GENERATES ERROR 'THE GRAPH WAS TOO LARGE TO DOWNLOAD.' INCORRECTLY
QRADAR DEPLOYMENT ACTIONS IV78428 ADDING OR RE-ADDING A QRADAR MANAGED HOST CAN SOMETIMES FAIL
QRADAR VULNERABILITY MANAGER VULNERABILITIES IJ02090** NEWLY CONFIGURED VULNERABILITY EXCEPTIONS CAN SOMETIMES BE DUPLICATED
QRADAR USER ROLES IJ01112 NON ADMIN USERS WITH LIMITED USER ROLES MAY NOT BE ABLE TO FILTER BY CATEGORIES
QRADAR CUSTOM EVENT PROPERTIES IJ00489 COMMAS ARE SWITCHED TO 'OR' WHEN MULTIPLE CUSTOM EVENT PROPERTIES ARE CONTAINED IN A SEARCH
QRADAR USER INTERFACE IJ00416 LOG AND NETWORK ACTIVITY EXPORTS TO CSV DISPLAY INCORRECT COLUMN NAMES
QRADAR AQL IJ00327 AQL SEARCH WITH 'REFERENCESETCONTAINS' CAN FILL QRADAR LOGS WITH "THE USERSESSION OBJECT IN SESSIONCONTEXT IS NULL...
QRADAR DATA NODES IJ00141** DISK MAINTENANCE DELETES /STORE/ARIEL/FLOWS (RECORDS AND PAYLOADS) DIRECTORY ON DATANODES THAT RECEIVE EVENTS ONLY
QRADAR REPORTS IJ00069** 'ERROR GENERATING SQL CHART' WHEN RUNNING A REPORT WITH "TIME" SET AS THE HORIZONTAL X-AXIS
QRADAR AQL IJ00066 TABLE REPORTS USING ACCUMULATED AQL DATA DISPLAY INCORRECT COLUMNS
QRADAR VULNERABILITY MANAGER SCANNERS IJ00034 VULNERABILITY DMZ EXTERNAL SCAN USING AUTHENTICATED PROXY OPTIONS DOES NOT WORK AS EXPECTED

Issues resolved in QRadar 7.2.8 Patch 10
Product Component Number Description
QRADAR SECURITY BULLETIN CVE-2015-6420 APACHE COMMONS COLLECTION AS USED IN IBM QRADAR SIEM IS VULNERABLE TO REMOTE CODE EXECUTION.
QRADAR CUSTOM ACTION SCRIPTS IJ01043** THE QRADAR USER INTERFACE CAN BECOME UNRESPONSIVE WHEN LOADING THE LOG SOURCES WINDOW DUE TO A SENSORDEVICE TABLE LOCK
QRADAR CUSTOM ACTION SCRIPTS IV86075** A CUSTOM ACTION SCRIPT USING THE PARAMETER 'CREEVENTLIST' CAN FAIL AND GENERATE AN EXCEPTION IN QRADAR LOGGING
QRADAR CUSTOM ACTION SCRIPTS IV86611 CUSTOM ACTION RESPONSE RETURNS 'NULL' VALUE FOR SOME DEFINED PARAMETERS
QRADAR ASSETS IV89590** THE 'ASSET NAME' FIELD FOR ASSETS CAN SOMETIMES BE BLANK
QRADAR UPGRADES IV91296 PATCHING TO QRADAR VERSION 7.2.7.+ CAN FAIL IF THE CONSOLE DATABASE HAD PREVIOUSLY BEEN MANUALLY RESTORED
QRADAR INCIDENT FORENSICS NOTIFICATIONS IV91662 QRADAR SYSTEM NOTIFICATIONS SIMILAR TO '...FORENSICSNODE. FORENSICSNODE123 HAS FAILED TO START FOR XXXXX INTERVALS...'
QRADAR OFFENSES IV93254 'DEVICE STOPPED SENDING EVENTS' RULE SOMETIMES DOES NOT DISPLAY THE ASSOCIATED LOG SOURCE WHEN PART OF AN OFFENSE
QRADAR DASHBOARD IV93409 NEW QRADAR USERS THAT ARE CREATED BY LDAP AUTHENTICATION DO NOT HAVE ANY DEFAULT DASHBOARDS
QRADAR DSM EDITOR IV93696 DSM EDITOR CAN DISPLAY REGEX GRABS INCONSISTENTLY BETWEEN WORKSPACE FIELD AND LOG ACTIVITY PREVIEW
QRADAR ASSET DETAILS IV93867** THE ASSET DETAILS, ASSET SUMMARY WINDOW OF AN ASSET CAN SOMETIMES BE MISSING THE 'OPERATING SYSTEM' DATA
QRADAR OFFENSE/DSM EDITOR IV94165 EVENTS CONTRIBUTING TO AN OFFENSE CANNOT BE DISPLAYED AFTER CUSTOM EVENT PROPERTY 'OFFENSEID' IS CREATED IN DSM EDITOR
QRADAR FLOWS IV94791 FLOWSOURCE_ALIAS TABLE IS NOT REPLICATED FROM CONSOLE TO MANAGED HOSTS
QRADAR DSM EDITOR IV95514 SELECTED EVENT DOES NOT DISPLAY IN THE DSM EDITOR WORKSPACE
QRADAR SEARCHES IV96161 SEARCHES CAN FAIL WITH 'CONNECTING TO THE QUERY SERVER' ERRORS OR 'I/O ERROR OCCURRED' WHEN A LARGE NUMBER OF SECURITY PROFILES EXIST
QRADAR SERVICES IV96190** HOSTCONTEXT CAN RUN OUT OF MEMORY DUE TO TASK MANAGEMENT DATABASE TABLE BECOMING CORRUPTED
QRADAR DISK SPACE IV96323 THE /STORE/TRANSIENT PARTITION DOES NOT PERFORM REQUIRED CLEANUP WHEN RUNNING LOW ON FREE DISK SPACE
QRADAR DISK SPACE IV96357 /VAR/LOG/ PARTITION CAN RUN OUT OF SPACE DUE TO LOGS FILLING WITH MESSAGES 'THE USERSESSION OBJECT IN SESSIONCONTEXT...'
QRADAR VULN MANAGER SEARCHES IV96411 SEARCHES FOR VULNERABILITY BY INSTANCE CAN DISPLAY A COUNT, BUT NO DATA
QRADAR MASTER CONSOLE IV96863 VIEWING OFFENSES IN MASTER CONSOLE CAN GENERATE THE ERROR 'ERROR 12: ENDPOINT INVOCATION RETURNED AN UNEXPECTED ERROR'
QRADAR SEARCHES IV97167 SEARCHES CAN FAIL/CANCEL WHEN A MAXIMUM NUMBER OF RESULTS IS REACHED
QRADAR USER INTERFACE IV97182 "MANAGE SEARCH RESULTS" PAGE FAILS TO LOAD WITH A 'GENERAL FAILURE. PLEASE TRY AGAIN' ERROR MESSAGE
QRADAR FLOW DATA IV97276 THE QFLOW PROCESS CAN SOMETIMES STOP PROCESSING WHEN OVERFLOW CONDITIONS ARE EXPERIENCED
QRADAR BACKUP / RESTORE IV97342 QRADAR BACKUPS CAN TIMEOUT WHEN APPS ARE INSTALLED
QRADAR LICENSE IV97521 UNABLE TO ALLOCATE LICENSE TO A 3129 CONSOLE APPLIANCE
QRADAR REPORTS IV97575 A VULNERABILITY REPORT'S VULNERABILITY COUNT VALUE CAN VARY WITHIN DIFFERENT SECTIONS OF THE SAME REPORT
QRADAR DEPLOYMENT IV97835 TUNNEL CONNECTIONS REMAIN AFTER A DATA NODE OR EVENT COLLECTOR ARE REMOVED FROM A QRADAR DEPLOYMENT
QRADAR FLOW DATA IV97942 AUTO UPDATE CAN CAUSE AN INTERRUPTION IN FLOW COLLECTION AND A "PERFORMANCE DEGRADATION" SYSTEM NOTIFICATION IN THE USER INTERFACE
QRADAR SEARCHES IV98068 IN PROGRESS SEARCHES THAT RUN LONGER THAN THE CONFIGURED SEARCH RESULTS RETENTION PERIOD ARE DELETED PRIOR TO COMPLETION
QRADAR DATA OBFUSCATION IV98095 ATTEMPTING TO OBFUSCATE A LARGE VOLUME OF USERNAME FIELD BASED EVENTS CAN CAUSE OBFUSCATED EVENTS TO BE DROPPED
QRADAR VULN MANAGER SCANNING IV98207 QVM SCAN RESULT DISPLAYS 100% PROGRESS AND STOPPED AS SCAN DURATION TIME CONTINUES TO INCREMENT
QRADAR USER MANAGEMENT IV98259 THE USER MANAGEMENT > AUTHENTICATION WINDOW CAN DISPLAY 'KEY NOT FOUND: JSP.QRADAR...' MESSAGES IN THE USER INTERFACE
QRADAR API IV98260 API SEARCHES RETRIEVING A COMPLETED SEARCH FROM THE /ARIEL/SEARCHES ENDPOINT CAN SOMETIMES RETURN A 500 ERROR CODE
QRADAR OPERATING SYSTEM IV98442 QRADAR 7.2.8 REPLACES REDHAT'S GRUB WITH GRUB 2
QRADAR APPLICATION FRAMEWORK IV98486 QRADAR APPLICATION DATA CAN APPEAR TO BE MISSING AFTER APPLYING A QRADAR PATCH
QRADAR UPGRADES IV98518 QRADAR PATCHING TO 7.2.8P7, P8 or P9 FAILS IF THE SYSTEM WAS BUILT USING QRADAR ISO VERSION 7.1.0.380596 AND HAS QRM
QRADAR VULN MANAGER REPORTS IV98524 EMAILED VULNERABILITY SCAN REPORTS CAN SOMETIMES BE BLANK
QRADAR INCIDENT FORENSICS REPORTS IV98529 QNI ONLY GENERATES FILE INFORMATION FOR THE LAST FILE CONTAINED WITHIN A SINGLE EMAIL, NOT ALL FILES
QRADAR SEARCH PERFORMANCE IV98539 ARIEL SEARCHES THAT DO MANY STRING COMPARISONS CAN RUN SLOWER THAN EXPECTED IN LOW MEMORY SCENARIOS
QRADAR QFLOW SERVICES IV98542 QFLOW COLLECTORS CAN EXPERIENCE REPETITIVE PROCESS FAILURES TO START, AND CORE DUMPS THAT CAN LEAD TO FILE SPACE ISSUES
QRADAR VULN MANAGER ASSET DATA IV98728 SCAN RESULT DATA CAN SOMETIMES FAIL TO UPDATE THE QRADAR ASSET MODEL
QRADAR LOG MANAGER RULES IV98928 ADDITIONAL RULE TESTS CANNOT BE ADDED TO CURRENT RULES AND NEW RULES CANNOT BE CREATED WHEN USING QRADAR LOG MANAGER
QRADAR QUICK SEARCH INDEXES IV99204 LUCENE INDEX DIRECTORIES DO NOT HONOR THE 'PAYLOAD INDEX RETENTION' CONFIGURED IN THE SYSTEM SETTINGS
QRADAR UPGRADES IV99289 QRADAR MEMORY CHECK PRETEST ON AN XX48 CAN FAIL WITH A RAM REQUIREMENT ERROR '...WE NEED AT LEAST 256G OF RAM...'
QRADAR VULN MANAGER SCAN RESULTS IV99333 INCONSISTENT ASSET COUNTS WHEN DRILLING DOWN INTO SOME SCAN RESULTS
QRADAR UPGRADES IV99559 QRADAR UPGRADE FROM 7.2.8 P6 TO 7.3.0 GA CAN FAIL AT TOMCAT NOT STARTING

Issues resolved in QRadar 7.2.8 Patch 9
Product Component Number Description
QRADAR USER INTERFACE IV98386 LOG SOURCE USER INTERFACE EDITS DO NOT SAVE ENABLED, COALESCING EVENTS, STORE EVENT PAYLOAD, AND GROUP ASSIGNMENT CHECK BOX ACTIONS

Issues resolved in QRadar 7.2.8 Patch 8
Product Component Number Description
VULNERABILITY MANAGER INTERFACE IV92973** A SCHEDULED SCAN IN QRADAR VULNERABILITY MANAGER CAN BE STARTED MULTIPLE TIMES ONE MINUTE APART
QRADAR SEARCH IV93076 RESULTS IN REPORT DATA CAN SOMETIMES NOT MATCH SEARCH RESULTS WHEN AN 'OR' CONDITION EXISTS IN SEARCH FILTERS
QRADAR DATA NODE IV93697** DATA NODES MAY NOT REBALANCE CORRECTLY IF THERE ARE MULTIPLE DESTINATIONS
FORENSICS DEPLOY IV94790** FORENSICS RECOVERY JOBS CAN BECOME ORPHANED IF INTERRUPTED BY A 'DEPLOY FULL CONFIGURATION'
QRADAR SEARCH IV89672** LDAP HOVER TEXT TOOLTIP DISPLAYS DUPLICATE VALUES
FORENSICS RECOVERY IV95243 FORENSICS RECOVERY PROCESS COMPLETES SUCCESSFULLY BUT THE DOCUMENT COUNT REPORTS AS 0
QRADAR SERVICES IV95495 PROCESSES (TOMCAT, HOSTCONTEXT, ECS) CAN CRASH DUE TO 'TOO MANY OPEN FILES'
QRADAR HISTORICAL CORRELATION IV96193 LOWER THAN EXPECTED PERFORMANCE RESULTS WHEN USING HISTORICAL CORRELATION
QRADAR ERROR MESSAGES IV96357 /VAR/LOG/ PARTITION CAN RUN OUT OF SPACE DUE TO LOGS FILLING WITH MESSAGES 'THE USERSESSION OBJECT IN SESSIONCONTEXT...'
VULNERABILITY MANAGER REPORTING IV96372 INCOMPLETE VULNERABILITY REPORT CAN BE GENERATED WHEN RUNNING AGAINST ASSETS CONTAINED IN THE SAME CIDR
QRADAR REPORTING IV96377 REPORTS RUN ON SOME AQL SEARCHES CAN RETURN INCONSISTENT COLUMN NAMES
QRADAR SEARCH IV96423 ERROR MESSAGE: 'GENERAL FAILURE. PLEASE TRY AGAIN' WHEN A LOG ACTIVITY SEARCH WITH A REFERENCE TABLE FILTER 'USER SPECIFIED VALUE' IS RUN
QRADAR BACKUP IV97342 QRADAR SCHEDULED BACKUPS CAN TIMEOUT WHEN APPS ARE INSTALLED
QRADAR UPDATE/UPGRADE IV97500 QRADAR PATCHING CAN FAIL WITH REFERENCE TO 'PACKAGE ADMINCONSOLE-7.X.X.-XXXXXXX' WRITTEN IN PATCHES.LOG
QRADAR DEPLOY IV97445 'DEPLOY FULL CONFIGURATION' REQUIRED PRIOR TO NEW USERS BEING ABLE TO LOGIN TO THE QRADAR UI WHEN USING LDAP GROUP AUTH
QRADAR USER INTERFACE IV97837 ADMIN TAB "SYSTEM HEALTH" ICON NO LONGER PRESENT AFTER APPLYING QRADAR PATCH 7.2.8 PATCH 7
QRADAR APPLICATIONS IV98086 APPS WITH LONG INSTALLATION TIMES MIGHT APPEAR WITH A STATUS 'FAILED TO INSTALL' IN THE USER INTERFACE

Issues resolved in 7.2.8 Patch 7
Number Description
SECURITY BULLETIN IBM JAVA AS USED IN IBM QRADAR SIEM IS VULNERABLE TO MULTIPLE CVES
IV84643 USERNAMES CONTAINING A ' . ' ARE TRUNCATED IN USER LOGINSIM AUDIT-2 EVENTS
IV86288 SOME QRADAR SERVICES CAN FAIL TO START AFTER A 'DEPLOY FULL CONFIGURATION' IS PERFORMED
IV87510 REALTIME STREAMING CAN FAIL TO DISPLAY EVENTS WHEN FILTERING ON EVENTPROCESSOR
IV90889 DASHBOARD ITEM CAN SOMETIMES DISPLAY NO DATA IN SOME INSTANCES OF NETWORK HIERARCHY CONTAINING DOUBLE BYTE CHARACTERS
IV93256 QRADAR RISK MANAGER PATH SEARCH CAN FAIL TO COMPLETE WHEN A SOURCEFIRE IPS EXISTS IN THE TOPOLOGY
IV93607 QRADAR HOSTS RUNNING ON AMAZON WEB SERVICES (AWS) CAN FAIL TO UPGRADE TO QRADAR 7.2.8 DUE TO A MISSING DEPENDENCY
IV93948 'GENERAL FAILURE' ERROR WHEN PERFORMING SEARCHES AGAINST NUMERIC REFERENCE SET DATA
IV94511 CONTENT PACK INSTALLATION CONTAINING SENSORPROTOCOLS CAN FAIL IF THE ID IS ALREADY IN THE SENSORPROTOCOL TABLE
IV94782 QRADAR LOGGING REPORTS HOSTCONTEXT '...TOO MANY OPEN FILES' MESSAGES
IV94873 FLOW COLLECTOR APPLIANCES (12XX/13XX) WITH MULTI-THREADING ENABLED CAN STOP COLLECTING FLOWS AFTER PATCHING
IV95105 REPORTS CREATED FROM VULNERABILITY SCAN PROFILES CAN SOMETIMES BE BLANK
IV95106 REPORT DATA CAN DIFFER FROM SEARCH DATA DUE TO ACCUMULATOR ROLLUP FAILURE
IV95109 DSM EDITOR PREVIEW FUNCTION DOES NOT DISPLAY WHEN USING JAPANESE LOCALE
IV95242 PERFORMING A 'PATCH ALL' CAN DISPLAY MESSAGE 'THE FOLLOWING MANAGED HOSTS ARE NOT ACCESSIBLE VIA SSH...'
IV96155 NETWORK ACTIVITY EXPORT CAN FAIL WITH ERROR 'THERE WAS A PROBLEM COMPLETING YOUR REPORT. PLEASE TRY AGAIN LATER.'
IV96294 QRADAR NETWORK INSIGHT APPLIANCE NETWORK INTERFACE(S) CAN FAIL TO START/LOAD

Issues resolved in 7.2.8 Patch 6
Number Description
IV94880 CONTENT MANAGEMENT TOOL IMPORT CAN SOMETIMES CAUSE OFFENSES TO STOP GENERATING
IV94149 QRADAR PATCHING PROCESS CAN HANG FOR AN EXTENDED PERIOD OF TIME (HOURS) AT 'DUPLICATE REFERENCE DATA DETECTED. DELETING...'
IV93940 WHEN USING THE DSM EDITOR TO MAP EVENTS TO A CUSTOM QID, SUBSEQUENT MAPPING EVENT NAME IS 'UNKNOWN GENERIC EVENT'
IV93533 'SEND TO FORWARDING DESTINATIONS' OPTION FOR AN 'OFFENSE RULE' DISPLAYS NO AVAILABLE FORWARDING OPTIONS
IV93530 REPORTS BASED ON ADVANCED SEARCHES (AQL) THAT CONTAIN 'AS' DO NOT HAVE THE PROPER NAMED COLUMN HEADINGS
IV93454 AUDIT LOGGING DATA NOT AVAILABLE FOR QRADAR VULNERABILITY MANAGER SCAN PARAMETER AND SCHEDULED TIME CHANGES
IV93205 SCAN REPORTS NOT DISPLAYING IN THE LIST OF 'AVAILABLE REPORTS' WINDOW TO EMAIL AND CAUSING NULLPOINTER EXCEPTION
IV93191 REPORTS USING ADVANCED SEARCHES (AQL) CAN SOMETIMES HAVE INCORRECT AND/OR MISSING COLUMN HEADERS
IV93146 QRADAR VULNERABILITY MANAGER SCAN EXCLUSION SCREEN CAN SOMETIMES NOT LOAD, DISPLAYS AS A BLANK USER INTERFACE
IV93082 CSV OR XML EXPORT OF 'SCAN RESULT POLICY CHECK' SCREEN FAILS WITH ERROR 'THERE WAS A PROBLEM COMPLETING YOUR EXPORT...'
IV92977 VULNERABILITY SEARCH DASHBOARD ITEMS CHANGES DO NOT PERSIST AFTER LOG OUT OF THE QRADAR USER INTERFACE
IV92967 QUARTZ SCHEDULING LIBRARY INFORMATION MESSAGES ARE BEING WRITTEN INTO QRADAR LOGGING
IV92788 'AN ERROR OCCURED' POP UP MESSAGE CAN APPEAR WHEN NAVIGATING IN THE VULNERABILITIES TAB IN THE QRADAR USER INTERFACE
IV91674 SEARCHES USING A GEOGRAPHIC LOCATION FILTER CAN RETURN UNEXPECTED RESULTS
IV91607 'UNEXPECTED ERROR WHILE RETRIEVING GET_LOGS STATUS' WHEN A NON-ADMIN USER ACCESSES SYSTEM AND LICENCE MANAGEMENT
IV91286 TIME SERIES NOT GENERATED FOR AQL SEARCHES CONTAINING MATHEMATICAL EXPRESSIONS
IV91098 INVALID SUPER INDEXES CAN CAUSE 'GENERAL FAILURE. PLEASE TRY AGAIN' MESSAGES WHEN USED IN A FILTER IN SEARCHES
IV90792 USERS WITH DEFAULT DOMAIN PERMISSIONS CANNOT VIEW LOG SOURCE AND LOG SOURCE GROUP EVENT FILTERS
IV90305 REQUIRE UPDATED PACKAGE TO ADDRESS TURKEY'S DECISION TO NO LONGER ADJUST CLOCKS FOR DST
IV90000 THE /VAR/LOG/QRADAR-SQL.LOG FILE DOES NOT PROPERLY ROTATE AND/OR CAN BE TRUNCATED
IV89672 LDAP HOVER TEXT TOOLTIP DISPLAYS DUPLICATE VALUES
IV89309 SORT ON 'COUNT DESCENDING' ORDERING NOT WORKING AS EXPECTED IN REPORT OUTPUT
IV88334 LOG SOURCE REPORTS CAN FAIL AND DISPLAY NO RESULTS
IV88325 REPORT WIZARD CAN HANG WHEN CREATING A LOG SOURCE REPORT
IV87964 QRADAR APPLICATIONS USE THE CONSOLE'S PUBLIC IP IN NAT'D ENVIRONMENTS
IV87497 VULNERABILITY SEARCH DASHBOARD ITEMS CHANGES DO NOT PERSIST AFTER LOG OUT OF THE QRADAR USER INTERFACE

Issues resolved in 7.2.8 Patch 5
Number Description
IV93936 QRADAR 7.2.8 PATCH 4 FLOW COLLECTOR (12XX/13XX) PATCH PROCESS FAILS AT TEST WHEN PATCHING FROM VERSION 7.2.6.X OR 7.2.7.X

Issues resolved in 7.2.8 Patch 4
Number Description
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO A DENIAL OF SERVICE (CVE-2016-9740)
SECURITY BULLETIN IBM QRADAR SIEM AND QRADAR INCIDENT FORENSICS ARE VULNERABLE TO CROSS-SITE REQUEST FORGERY (CVE-2016-9730)
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO MISSING AUTHENTICATION CHECKS (CVE-2016-9729)
SECURITY BULLETIN IBM QRADAR SIEM AND QRADAR INCIDENT FORENSICS ARE VULNERABLE TO OS COMMAND INJECTION (CVE-2016-9726, CVE-2016-9727)
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO SQL INJECTION (CVE-2016-9728)
SECURITY BULLETIN IBM QRADAR INCIDENT FORENSICS IS VULNERABLE TO OVERLY PERMISSIVE CORS ACCESS POLICIES (CVE-2016-9725)
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO XML ENTITY INJECTION (CVE-2016-9724)
SECURITY BULLETIN IBM QRADAR SIEM AND QRADAR INCIDENT FORENSICS ARE VULNERABLE TO CROSS SITE SCRIPTING (CVE-2016-9723, CVE-2017-1133)
SECURITY BULLETIN IBM QRADAR SIEM AND QRADAR INCIDENT FORENSICS ARE VULNERABLE TO INFORMATION EXPOSURE (CVE-2016-9720)
SECURITY BULLETIN MOZILLA NSS AS USED IN IBM QRADAR SIEM IS VULNERABLE TO ARBITRARY CODE EXECUTION (CVE-2016-2834)
SECURITY BULLETIN PIVOTAL SPRING FRAMEWORK AS USED IN IBM QRADAR SIEM IS VULNERABLE TO VARIOUS CVEs
SECURITY BULLETIN APACHE SOLR AS USED IN IBM QRADAR SIEM AND INCIDENT FORENSICS IS VULNERABLE TO A DENIAL OF SERVICE
SECURITY BULLETIN IBM QRADAR SIEM CONTAINS HARD-CODED CREDENTIALS
SECURITY BULLETIN IBM QRADAR SIEM USES BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHMS
SECURITY BULLETIN APACHE TOMCAT PRIOR TO VERSION 6.0.48 IS SUSCEPTIBLE TO SEVERAL VULNERABILITIES
SECURITY BULLETIN IBM QRADAR SIEM AND INCIDENT FORENSICS ARE VULNERABLE TO VARIOUS CVEs FOUND IN IBM JAVA.
SECURITY BULLETIN OPENSSL AS USED IN IBM QRADAR SIEM IS VULNERABLE TO VARIOUS CVEs
IV86405 'APPLICATION ERROR' WHEN USING A VALUE SPECIFIED IN 'AS' CLAUSE FOR LOGSOURCENAME IN AN ADVANCED SEARCH (AQL)
IV86407 THE /VAR/LOG PARTITION CAN FILL DUE TO THE QRADAR LOG FILES BEING QUICKLY FILLED WITH 'EXCEPTION IN TEST' MESSAGES
IV87313 'SOURCE' AND 'DESTINATION' NETWORK GROUP SHOW FULL NETWORK HIERARCHY NAME WHEN ADDED AS A COLUMN TO DISPLAY
IV87507 SOME DASHBOARD ITEMS NO LONGER DISPLAY IN THE QRADAR USER INTERFACE
IV87862 RULE 'EXPLOIT: DESTINATION VULNERABLE TO DETECTED EXPLOIT' CAN SOMETIMES NOT TRIGGER WHEN EXPECTED
IV89015 APPLICATION ERROR WHEN DOUBLE CLICKING THE RESULTS OF AN 'ADVANCED SEARCH' (AQL)
IV89556 ECS-EP PROCESS RUNNING, BUT EVENT/FLOW PROCESSING NOT OCCURRING ON A QRADAR APPLIANCE
IV89820 SYSLOG EVENTS GENERATED FROM AN OFFENSE RULE DO NOT CONTAIN ANY CONFIGURED NAMING CONTRIBUTIONS IN THE EVENT PAYLOAD
IV89893 'ASSET MODEL HAS NOT YET BEEN UPDATED WITH SCAN RESULTS' MESSAGE WHEN NO ASSETS HAVE BEEN SCANNED
IV89904 QVM VULNERABILITY EXCEPTIONS FOR IP/CIDR/NETWORK ARE NOT RESPECTED WHEN A FILTER IS DEFINED TO EXCLUDE THEM
IV89929 'MISSING PATCHES' REPORT CAN SOMETIMES BE EMPTY WHEN RUN ON SYSTEMS WITH A LARGE NUMBER OF VULNERABILITY INSTANCES
IV90002 QVM RED WARNING TRIANGLE DISPLAYED ON A SCAN RESULT WHEN THE ASSET MODEL WAS PROPERLY UPDATED
IV90004 ASSET MODEL 'NOT UPDATED' ICON DISPLAYS FOR A SCAN PROFILE RESULT WHEN SCAN POLICY HAS BEEN EDITED
IV90075 RED WARNING ICON ON QVM SCAN RESULTS PAGE WHEN RESULTS HAVE BEEN REPUBLISHED
IV90376 SECURITY APP EXCHANGE APPLICATIONS CAN FAIL TO COMMUNICATE IN SOME HIGH AVAILABILITY QRADAR CONFIGURATIONS
IV90421 RULE TESTS AGAINST A REFERENCE MAP DO NOT WORK WHEN DESTINATION PORT IS NULL
IV90793 PATCHING TO QRADAR 7.2.8 GA OVERWRITES CA CERTS THAT WERE LOCATED IN /ETC/PKI/TLS/CERTS/CA-BUNDLE.CRT
IV90795 DRILLING INTO A SEARCH THAT WAS GROUPED BY A CUSTOM EVENT PROPERTY WITH PARENTHESIS DOES NOT WORK AS EXPECTED
IV90887 'ASSET MODEL HAS NOT YET BEEN UPDATED WITH SCAN RESULTS' MESSAGE DISPLAYED WHEN ASSET MODEL IS UPDATED CORRECTLY
IV90906 TIME SERIES NOT WORKING FOR SOME NON-ADMIN QRADAR USERS
IV91300 CREATING A REPORT BASED ON AN AQL (ADVANCED SEARCH) QUERY CONTAINING 'ORDER BY' FAILS TO GENERATE PROPER OUTPUT
IV91322 ATTEMPTING TO ENABLE TIMESERIES COLLECTION FOR SHARED SAVED SEARCHES CAN SOMETIMES FAIL
IV91615 'ERROR: COULD NOT FIND OR LOAD MAIN CLASS COM.Q1LABS.CORE.UTIL . PASSWORDENCRYPT' WHEN CONFIGURING LDAP HOVER FEATURE
IV91618 EDIT SEARCH PAGE CAN SOMETIMES FAIL TO LOAD ALL OF THE EXPECTED SEARCH PAGE OPTIONS
IV91634 ARIEL SEARCHES THAT ARE RUN USING API VERSION 7.0+ DO NOT RETURN PAYLOAD PROPERLY FOR PARSING
IV91635 QUICK SEARCHES CANNOT BE REMOVED FROM THE QUICK SEARCH LIST
IV91675 AN 'APPLICATION ERROR' CAN BE DISPLAYED FOR NEW USERS LOGGING INTO THE QRADAR USER INTERFACE INSTEAD OF A DEFAULT DASHBOARD
IV91816 PATCHING QRADAR HIGH AVAILABILITY (HA) PAIR APPLIANCES CONFIGURED USING CROSSOVER CAN SOMETIMES FAIL
IV92139 'WRAP TEXT' FUNCTION FOR EVENT PAYLOAD INFORMATION DOES NOT WORK AFTER APPLYING QRADAR PATCH
IV92466 QRADAR SEARCHES CAN FAIL TO COMPLETE AND/OR DASHBOARD DATA CAN FAIL TO LOAD DUE TO AN ARIEL CONNECTION LEAK
IV92851 ARIEL CAN BECOME OVERLOADED CAUSING SLOWER THAN EXPECTED SEARCH RESULTS AND SLOW USER INTERFACE RESPONSE
IV92852 REPORTS RUNNING ON 'ACCUMULATED DATA' CAN SOMETIMES FAIL DUE TO THE GLOBAL VIEW DAILY ROLLUPS FAILING
IV93839 QRADAR FEATURES USING THE ARIEL PROCESS (SEARCHES, DASHBOARDS, REPORTS, ETC.) CAN INTERMITTENTLY FAIL TO LOAD/COMPLETE (NOTE: THIS APAR WAS RECENTLY ADDED AND MIGHT TAKE UP TO 12 HOURS TO DISPLAY)

Issues resolved in 7.2.8 Patch 3
Number Description
IV89519 RULES THAT TEST AGAINST REFERENCE MAP OF DATA SETS CAN SOMETIMES FIRE UNEXPECTEDLY
IV89901 QRADAR AUTO UPDATE FEATURE CONFIGURED TO USE A PROXY SERVER CAN FAIL AFTER PATCHING
IV91030 QRADAR APPS THAT REQUIRE SPECIFIC USER ROLE PERMISSIONS CAN STOP WORKING AFTER PATCHING TO QRADAR 7.2.8 PATCH 1
IV91617 QFLOW APPLIANCES CAN STOP SENDING FLOWS TO FLOW PROCESSORS AFTER PATCHING TO QRADAR 7.2.8
IV92220 TIME SERIES DATA ACCUMULATION DOES NOT WORK FOR NON-ADMIN DOMAIN USERS WITH MULTI-TENANCY DASHBOARD

Issues resolved in 7.2.8 Patch 2
Number Description
NONE QRADAR 7.2.8 PATCH 2 DOES NOT INCLUDE ANY RESOLVED ISSUES (APARs). THIS UPDATE INCORPORATES FRAMEWORK CHANGES IN ORDER TO SUPPORT THE NEW QRADAR NETWORK INSIGHTS APPLIANCE (19xx) IN A QRADAR DEPLOYMENT. THIS SOFTWARE VERSION WAS NOT PUBLISHED AS A GLOBAL SOFTWARE RELEASE. THIS DOWNLOAD IS ONLY AVAILABLE FROM QRADAR SUPPORT.

Issues resolved in 7.2.8 Patch 1
Number Description
SECURITY BULLETIN APACHE POI AS USED IN IBM QRADAR SIEM IS VULNERABLE TO VARIOUS CVEs (CVE-2012-0213, CVE-2014-3529, CVE-2014-3574, CVE-2014-9527, CVE-2016-5000)
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO VARIOUS CGI VULNERABILITIES (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)
IV77767 QRADAR USER INTERFACE OUTAGES CAN OCCUR WHEN TRYING TO LOAD THE MANAGED SEARCH RESULTS PAGE
IV83509 USING 'WHEN THE EVENT(S) HAVE NOT BEEN DETECTED...' RULE WITH A RESPONSE TO CREATE NEW EVENT, THAT EVENT HAS INCORRECT QID
IV83701 ERRORS VISIBLE IN QRADAR LOGGING AFTER A CUSTOM EVENT PROPERTY HAS BEEN SUCCESSFULLY DELETED
IV84025 UNABLE TO DELETE RULES THAT ARE ADDED TO THE GROUP 'ANOMALY'
IV84615 RULE OR BUILDING BLOCK DELETION CAN FAIL WHEN THERE ARE INVALID SEARCHES
IV86422 'MORE OPTIONS' IS DISPLAYED TWICE WHEN PERFORMING A RIGHT CLICK OF A SOURCE AND/OR DESTINATION IP IN A NETWORK ACTIVITY SEARCH
IV86683 THE EVENT PAYLOAD INFORMATION FIELD DOES NOT PROPERLY DISPLAY UTF DATA IF IT CONTAINS CONSECUTIVE SPACES OR A TAB CHARACTER
IV87248 HIGH AVAILABILITY CONSOLE WITH CROSSOVER CONNECTIONS CAN HANG AND/OR FAIL DURING QRADAR PATCHING
IV87577 QUICK FILTER CONTAINING DOUBLE-BYTE CHARACTERS ON LOG AND/OR NETWORK ACTIVITY TAB DOES NOT WORK AS EXPECTED
IV87796 CUSTOM EVENT PROPERTIES DO NOT FORWARD THROUGH A CUSTOM RULE RESPONSE WHEN USING JSON FORMAT
IV87859 SOME LOG SOURCES CAN FAIL TO BE IMPORTED DURING A CONTENT MANAGEMENT TOOL IMPORT
IV88275 NON-ADMIN QRADAR USERS ARE UNABLE TO FILTER ON 'EVENT PROCESSOR'
IV88279 USER ROLE WITH ONLY 'MANAGE LOG SOURCES' UNDER 'DELEGATED ADMINISTRATION' CANNOT PERFORM A QRADAR DEPLOY FUNCTION
IV88324 THE SYSTEM HEALTH (QRADAR HEALTH CONSOLE) FEATURE CAN HAVE VARIOUS PROBLEMS AFTER APPLYING A QRADAR PATCH
IV88392 ORDERING OF ASSETS BY IP ADDRESS SOMETIMES DOES NOT WORK AS EXPECTED
IV88708 QRADAR VULNERABILITY MANAGER - ASSET DETAILS RISK POLICY SCREEN SHOWS INCORRECT TIMESTAMP IN LAST EVALUATED FIELD WHEN TIME ZONE IS SET FOR NEW ZEALAND
IV89064 THE QRADAR ARIEL API CAN SOMETIMES RETURN NO RESULTS WHEN PROCESSING LARGE NUMBERS OF SEARCH RESULTS
IV89173 QRADAR VULNERABILITY MANAGER - CIDR DATA ENTRY VALIDATION FOR SCANNERS DOES NOT WORK AS EXPECTED
IV89196 SEARCHING ON COMPRESSED DATA USING FILTER 'RETENTION BUCKET IS' RETURNS NO RESULTS
IV89308 THE QRADAR RULES PAGE FAILS TO LOAD OR TAKES A LONGER THAN EXPECTED TIME TO LOAD
IV89309 SORT ON 'COUNT DESCENDING' ORDERING NOT WORKING AS EXPECTED IN REPORT OUTPUT
IV89345 QVM: CIS SCAN RESULT STATUS CAN SOMETIMES DISPLAY AS FAIL INSTEAD OF UNKNOWN IN THE USER INTERFACE
IV89365 QVM VULNERABILITY FILTERING BY VENDOR AND DATE RANGE SOMETIMES DOES NOT RETURN THE COMPLETE LIST OF VULNERABILITIES
IV89367 QRADAR SYSTEM NOTIFICATION: 'TRANSACTION SENTRY: RESTORED SYSTEM HEALTH BY CANCELLING HUNG TRANSACTIONS OR DEADLOCKS'
IV89393 CONTENT MANAGEMENT TOOL (CMT) EXPORT OF CUSTOM RULES FAILS WITH A NULLPOINTER EXCEPTION
IV89408 QRADAR VULNERABILITY MANAGER SCANS UNEXPECTEDLY DISPLAY A ZERO VULNERABILITY COUNT AND NO ASSETS CREATED FROM THOSE SCANS
IV89516 SAVED SEARCHES ATTEMPTING TO USE CVE-ID NUMBER DATA IN REFERENCE SETS DO NOT WORK AS EXPECTED
IV89665 FILTERING ON 'USERNAME IS ANY OF' " " (A BLANK SPACE WITHIN QUOTES) DOES NOT DISPLAY AS A CURRENTLY APPLIED FILTER
IV89901 QRADAR AUTO UPDATE FEATURE CONFIGURED TO USE A PROXY SERVER CAN FAIL AFTER PATCHING
IV90087 SEARCHES CAN TAKE A LONGER THAN EXPECTED TIME TO COMPLETE IN QRADAR 7.2.8 GA
IV90323 UNABLE TO DELETE REFERENCE SET ELEMENTS USING THE QRADAR USER INTERFACE
IV90372 ATTEMPTING TO ADD AN ADVANCED SEARCH (AQL) TEST TO A RULE CAN CAUSE THE USER INTERFACE WINDOW TO BECOME UNRESPONSIVE
IV90419 EVENT DATA WRITTEN INTO QRADAR AT VERSION 7.2.3.X OR PRIOR CANNOT BE READ BY QRADAR VERSION 7.2.7.X AND 7.2.8 GA
IV90460 QRADAR DEPLOY FUNCTION CAN FAIL AFTER PATCHING TO QRADAR 7.2.8 GA
IV90646 QFLOW PROCESS CAN STOP WORKING AS EXPECTED ON FLOW APPLIANCES AFTER PATCHING TO QRADAR 7.2.8 GA
IV90649 PATCH PROCESS TO 7.2.8 GA FAILS DUE TO A USER AND AUTHORIZED SERVICE HAVING THE SAME NAME
IV90777 NO FLOWS OR EVENTS VISIBLE IN THE QRADAR USER INTERFACE AFTER RESTORING A CONFIGURATION BACKUP FROM 7.2.8 GA

Issues resolved in 7.2.8
Number Description
IV81172 SQL EXCEPTION WHEN RUNNING EVENTS/LOGS REPORTS BASED ON ADVANCED SEARCH FOR ASSETS
IV87841 RULE TEST WITH MULTIPLE REFERENCE SETS ONLY MATCHES FIRST REFERENCE SET IN TEST
IV82547 WEB APPLICATION XJAVASCRIPT FILTERING BROKEN
IV84386 CRITSIT: LOG ACTIVITY - UI EXCEPTION POPUP WHEN MOUSING OVER IP ADDRESSES
IV88370 REFERENCE DATA - BULK LOADING PERFORMANCE NEEDS WORK
IV84710 ASSET SCREEN IN UI IS SLOW WHEN THE NUMBER OF ASSETS IS MODERATE TO LARGE
IV85584 RULE WIZARD UI ISSUES
IV79236 CRITSIT: CANNOT ACCESS RULE WIZARD WHEN NAVIGATING TO AN EVENT THROUGH AN OFFENSE
IV85435 OFFENSE NAMING NOT WORKING CONSISTENTLY
IV87029 INDEX ROLLER BUG
IV70567 AUTOUPDATE HTTPS AND PROXY INTERCEPTION - CONNECT FAILURES BY UPDATECONFS.PL
IV84567 OFFENSES OVER TIME REPORTS CAN MISMATCH OFFENSE SCREEN
IV86839 FILTERING IN LOG SOURCES WHILE SORTED BY EPS CAUSES EXCEPTION
IV82557 NULLPOINTEREXCEPTION IN DATA DELETION CAUSES USER UNABLE TO DELETE RULE OR CUSTOM EVENT PROPERTY
IV89021 EVENTS CONTAINING ESCAPED CHARACTERS ARE DISPLAYED INCORRECTLY IN THE CUSTOM EVENT PROPERTY SCREEN

Document Information

Modified date: 10 December 2018

UID: ibm10735751