IBM Security QRadar

Dear Team
We have been observing that  Custom Rule is BB:CategoryDefinition: Authentication Failures is not matching any of the low-level categories tagged events even if it's being triggered, because of this even reports for authentication failures are turning up empty, anyone has seen this before? any inputs would be highly appreciated.

Empty results:

Low-level category:

Building block:

T&R
Arjun

------------------------------
Arjun Kumar Network & Security Engineer
------------------------------

Update: The issue was resolved. The load building blocks rule was disabled.

------------------------------
Arjun Kumar Network & Security Engineer
------------------------------

Original Message:
Sent: Sun July 04, 2021 07:40 AM
From: Arjun Kumar
Subject: Custom Rule is BB:CategoryDefinition: Authentication Failures : Not fetching results

Dear Team
We have been observing that  Custom Rule is BB:CategoryDefinition: Authentication Failures is not matching any of the low-level categories tagged events even if it's being triggered, because of this even reports for authentication failures are turning up empty, anyone has seen this before? any inputs would be highly appreciated.

Empty results:

Low-level category:

Building block:

T&R
Arjun

------------------------------
Arjun Kumar Network & Security Engineer
------------------------------