IBM QRadar

  • 1.  Event ID and Event Category properties are not getting labelled correctly

    Posted Sun November 12, 2023 04:39 AM

    Hi,

    For some Log Sources the Event ID and Event Category properties are not getting labelled correctly. The event is parsed and mapped, but the Event ID and the Event Category are shown as N/A in the Log Activity tab.

    I have upgraded to UP 7, and even though the issue is labeled in UP 7, unluckily the issue still happens.

    Can anyone help?

    Thanks



    ------------------------------
    Ali Mohamed
    ------------------------------


  • 2.  RE: Event ID and Event Category properties are not getting labelled correctly

    Posted Mon November 13, 2023 05:23 AM

    Ali

    This sounds very strange to me. UP7 has two fix levels, 01 and 02. Which one have you applied?

    Most probably it's not a UP7 issue. The release notes do not mention this. Can you provide a URL to the "labeled in UP 7" note?

    Event ID and Event Category, when parsed and mapped, should show something else and not N/A. Is there a QID name shown?

    Typically the value is unknown if nothing else matches. Of course there are big differences depending on the DSM type being used, so a sample screenshot and some more details about your log sources would help a lot.



    ------------------------------
    Karl Jaeger, Business Partner
    QRadar Specialist
    pro4bizz
    Karlsruhe, Germany
    4972190981722
    ------------------------------



  • 3.  RE: Event ID and Event Category properties are not getting labelled correctly

    Posted Mon November 13, 2023 05:51 AM
    Edited by Ali Mohamed Mon November 13, 2023 05:53 AM

    This is a resolved issue in the UP7 release notes:

    IJ46916: Log activity tab can display event ID and category as N/A when the payloads are parsed and mapped correctly

    https://www.ibm.com/support/pages/release-qradar-750-update-package-7-sfs-750-qradar-qrsiem-20230822112654

    ------------------------------
    Ali Mohamed
    ------------------------------



  • 4.  RE: Event ID and Event Category properties are not getting labelled correctly

    Posted Tue November 14, 2023 04:14 AM

    I've encountered something similar in 7.5.0UP2 - events for regular and custom DSMs would appear as Generic and/or Stored. Support suggested this was resolved starting with UP6 or so. 



    ------------------------------
    Dusan VIDOVIC
    ------------------------------