IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted yesterday
    Hello everyone,

    I would like to share an issue we encountered after performing the
    latest QRadar upgrade. Hopefully this information will be useful to
    others experiencing similar behavior, and I would appreciate any
    insights or suggestions.

    Problem Description:
    After upgrading to IBM QRadar 7.5.0 UpdatePackage 14 (Build
    20251017194912), the option to search for offenses by Description in the
    Offenses menu stopped working. The search field returns no results
    regardless of the input, even though offenses with matching descriptions
    exist.


    If anyone has experienced similar behavior or found a workaround, I
    would appreciate your feedback.
    Thank you in advance for any insights or recommendations.

    Best regards,

    --
    Ing. Peter Novota
    Senior Systems Integration Specialist
    pnovota@cnc.sk
    CNC, a.s.

    Recepcia: +421 2 35 000 100
    Mobil: +421 908 707 187
    www.cnc.sk


  • 2.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 7 hours ago

    Good Morning Peter,

    I'm aware about many deployments with 7.5.0 UP14 IF01... The behavior I'm aware of is, if I use the exact description string the result contains the related offenses. If I search only with a subset of the description string the result is empty... 

    Actually, I'm just wondering whether partial search has always been like this... ?


    Regards,

    Ralph



    ------------------------------
    Ralph Belfiore
    Managing Consultant | CyberSecurity Strategy | SIEM & Data Resilience
    connecT SYSTEMHAUS AG
    Siegen
    ------------------------------

    Original Message


  • 3.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 3 hours ago

    Hi Ralph,

    no it has not. I checked that in my lab environment with UP13IF02 a search with a partial string works as expected (and the search is case insensitive).

    Regarding your error, Peter, look at that Known Issue: https://www.ibm.com/mysupport/s/defect/aCIgJ0000007JnV/dt455580?language=en_US 

    Check your logs and contact support. They will guide you to a workaround.

    Kind regards,

    Marc



    ------------------------------
    Marc Gaillard
    ------------------------------

    Original Message


  • 4.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted an hour ago

    Hi Marc,

    thank you for your testing and providing your feedback :)

    I have just created the support ticket.

    Regards,

    Ralph



    ------------------------------
    Ralph Belfiore
    Managing Consultant | CyberSecurity Strategy | SIEM & Data Resilience
    connecT SYSTEMHAUS AG
    Siegen
    ------------------------------

    Original Message


  • 5.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 3 hours ago

    This is a known issue:
    https://www.ibm.com/mysupport/s/defect/aCIgJ0000007JnVWAU/dt455580?language=en_US

    It will be resolved in the next Interim Fix QRadar 7.5.0 UP14 IF02.

    There is a simple workaround but you need to open a support case as we will need to provide you with a file. 

    Best Regards



    ------------------------------
    Comghall Morgan
    QRadar Support Architect
    IBM
    ------------------------------

    Original Message


Related Content