IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 13 days ago
    Hello everyone,

    I would like to share an issue we encountered after performing the
    latest QRadar upgrade. Hopefully this information will be useful to
    others experiencing similar behavior, and I would appreciate any
    insights or suggestions.

    Problem Description:
    After upgrading to IBM QRadar 7.5.0 UpdatePackage 14 (Build
    20251017194912), the option to search for offenses by Description in the
    Offenses menu stopped working. The search field returns no results
    regardless of the input, even though offenses with matching descriptions
    exist.


    If anyone has experienced similar behavior or found a workaround, I
    would appreciate your feedback.
    Thank you in advance for any insights or recommendations.

    Best regards,

    --
    Ing. Peter Novota
    Senior Systems Integration Specialist
    pnovota@cnc.sk
    CNC, a.s.

    Recepcia: +421 2 35 000 100
    Mobil: +421 908 707 187
    www.cnc.sk


  • 2.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 13 days ago

    Good Morning Peter,

    I'm aware about many deployments with 7.5.0 UP14 IF01... The behavior I'm aware of is, if I use the exact description string the result contains the related offenses. If I search only with a subset of the description string the result is empty... 

    Actually, I'm just wondering whether partial search has always been like this... ?


    Regards,

    Ralph



    ------------------------------
    Ralph Belfiore
    Managing Consultant | CyberSecurity Strategy | SIEM & Data Resilience
    connecT SYSTEMHAUS AG
    Siegen
    ------------------------------

    Original Message


  • 3.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 12 days ago

    Hi Ralph,

    no it has not. I checked that in my lab environment with UP13IF02 a search with a partial string works as expected (and the search is case insensitive).

    Regarding your error, Peter, look at that Known Issue: https://www.ibm.com/mysupport/s/defect/aCIgJ0000007JnV/dt455580?language=en_US 

    Check your logs and contact support. They will guide you to a workaround.

    Kind regards,

    Marc



    ------------------------------
    Marc Gaillard
    ------------------------------

    Original Message


  • 4.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 12 days ago

    Hi Marc,

    thank you for your testing and providing your feedback :)

    I have just created the support ticket.

    Regards,

    Ralph



    ------------------------------
    Ralph Belfiore
    Managing Consultant | CyberSecurity Strategy | SIEM & Data Resilience
    connecT SYSTEMHAUS AG
    Siegen
    ------------------------------

    Original Message


  • 5.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 12 days ago

    This is a known issue:
    https://www.ibm.com/mysupport/s/defect/aCIgJ0000007JnVWAU/dt455580?language=en_US

    It will be resolved in the next Interim Fix QRadar 7.5.0 UP14 IF02.

    There is a simple workaround but you need to open a support case as we will need to provide you with a file. 

    Best Regards



    ------------------------------
    Comghall Morgan
    QRadar Support Architect
    IBM
    ------------------------------

    Original Message


  • 6.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 12 days ago

    Hello Comghall,

    thank you for the quick response and for confirming that this is a known issue. I appreciate the information regarding the upcoming fix in QRadar 7.5.0 UP14 IF02.

    I will open a support case to request the workaround file.
    Could you please share an estimated release date for the IF02 fix?

    Thanks again for your assistance.

    Best regards,

    Ing. Peter Novota
    Senior Systems Integration Specialist



    ------------------------------
    Peter Novota
    Cyber SOC Analyst SIEM Integration specialist
    CNC, a.s.
    ------------------------------

    Original Message


  • 7.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 11 days ago

    Looks like UP14IF02 is out, and release notes basically reference this under Resolved issues

    www.ibm.com/support/pages/node/7252370



    ------------------------------
    Dusan VIDOVIC
    ------------------------------

    Original Message


  • 8.  RE: QRadar 7.5.0 UP14 – Offense Description Search Broken

    Posted 11 days ago

    Hey community,

    IF02 has been released today.. Meanwhile till you're able to schedule your next maintenance window, the workaround file process works like a charm :)
    Thanks @IBM Support for this quick and useful support!

    It's always fun to be part of this community! Together, we are more than one. #stronger #faster #smarter #better

    Regards,

    Ralph

     :)



    ------------------------------
    Ralph Belfiore
    Managing Consultant | CyberSecurity Strategy | SIEM & Data Resilience
    connecT SYSTEMHAUS AG
    Siegen
    ------------------------------

    Original Message


Related Content