IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Reference map of set element rule exclusion issue

    Posted Wed June 26, 2024 09:26 AM

    Hi

    We are facing issue with the reference map of set.

    We are using reference map of set for exclusion in rules, but its not working even the value is exactly same as value parsed.

    Please help us.



    ------------------------------
    Aby Francis
    ------------------------------


  • 2.  RE: Reference map of set element rule exclusion issue

    Posted Thu June 27, 2024 08:22 AM

    Believe it or not, there is a bug in QR causing this.  I do not "think" it is fixed in UP7 IF6.  I'm not sure about UP8 even if you can upgrade without issues.  Open a ticket and see if they have a very free of this "feature".



    ------------------------------
    Frank Eargle
    ------------------------------

    Original Message


  • 3.  RE: Reference map of set element rule exclusion issue

    Posted Thu June 27, 2024 11:26 AM

    Hi,

    we were also affected by this known issue:

    Known Issue: DT258961 (ibm.com)

    Upgrading from 7507 IF4 to 7507 IF6 solved the issue, I am not sure if reference maps work the same as reference sets regarding this.

    Davide



    ------------------------------
    Davide Salardi
    ------------------------------

    Original Message


Related Content