IBM QRadar

Hi community,

another issue I struggled with. There's a current content package update for Microsoft Windows CEPs. But it failed to update.
It is interesting to note, that the same error occurs in 3 other Radar Deployments I manage... And it doesn't matter which Release. In my scenarios it's 7.5.0UP9 and 7.5.0UP8IF03.

Hi Ralph

Do you see any errors in the logs such as the folllowing when trying to import the content pack

Property with id [1aaa2e1c-66eb-4107-a26c-2cd98bdb51f3] already exists but have a different name

Also are there any errors for the com.ibm.si.content_management class?

Thanks

Hi community,

another issue I struggled with. There's a current content package update for Microsoft Windows CEPs. But it failed to update.
It is interesting to note, that the same error occurs in 3 other Radar Deployments I manage... And it doesn't matter which Release. In my scenarios it's 7.5.0UP9 and 7.5.0UP8IF03.

Hey John,

yes, i can see the following errors:

Aug  2 12:31:23 ::ffff:127.0.0.1 [tomcat.tomcat] [227421b6-0edd-43e0-8a11-4d7dd18d6350@localhost] com.ibm.si.content_management.ContentCustom: [ERROR] [NOT:0000003000][x.x.x.x/- -] [-/- -]Conflict during the import of property [Key Length], found an existing property with the same name but different type
Aug  2 12:31:23 ::ffff:127.0.0.1 [tomcat.tomcat] [227421b6-0edd-43e0-8a11-4d7dd18d6350@localhost] com.ibm.si.content_management.ContentManager: [ERROR] [NOT:0000003000][x.x.x.x/- -] [-/- -]Failed to import content file [/store/tmp/cmt/out/20240802123052/CustomProperties_MicrosoftWindows.xml]
Aug  2 12:31:23 ::ffff:127.0.0.1 [tomcat.tomcat] [227421b6-0edd-43e0-8a11-4d7dd18d6350@localhost] com.ibm.si.data_ingestion.api.impl.cmt.tasks.InstallExtensionTask: [ERROR] [NOT:0000003000][x.x.x.x/- -] [-/- -]installing extension with id = 22292 failed: Detected a conflict while importing a custom property.
Aug  2 12:31:23 ::ffff:127.0.0.1 [tomcat.tomcat] [227421b6-0edd-43e0-8a11-4d7dd18d6350@localhost] java.lang.Exception: Detected a conflict while importing a custom property.

Regards,

Ralph

Hi Ralph

Do you see any errors in the logs such as the folllowing when trying to import the content pack

Property with id [1aaa2e1c-66eb-4107-a26c-2cd98bdb51f3] already exists but have a different name

Also are there any errors for the com.ibm.si.content_management class?

Thanks

Hi community,

another issue I struggled with. There's a current content package update for Microsoft Windows CEPs. But it failed to update.
It is interesting to note, that the same error occurs in 3 other Radar Deployments I manage... And it doesn't matter which Release. In my scenarios it's 7.5.0UP9 and 7.5.0UP8IF03.

Hey Ralph,

I have been looking into this internally.  There was a CEP included in a very old verson of UBA with the same name.  We are working on getting an updated version of the Content pack creatd to resolve this.

I will let you know as soon as I have more information.

Thanks

Hey John,

yes, i can see the following errors:

Aug  2 12:31:23 ::ffff:127.0.0.1 [tomcat.tomcat] [227421b6-0edd-43e0-8a11-4d7dd18d6350@localhost] com.ibm.si.content_management.ContentCustom: [ERROR] [NOT:0000003000][x.x.x.x/- -] [-/- -]Conflict during the import of property [Key Length], found an existing property with the same name but different type
Aug  2 12:31:23 ::ffff:127.0.0.1 [tomcat.tomcat] [227421b6-0edd-43e0-8a11-4d7dd18d6350@localhost] com.ibm.si.content_management.ContentManager: [ERROR] [NOT:0000003000][x.x.x.x/- -] [-/- -]Failed to import content file [/store/tmp/cmt/out/20240802123052/CustomProperties_MicrosoftWindows.xml]
Aug  2 12:31:23 ::ffff:127.0.0.1 [tomcat.tomcat] [227421b6-0edd-43e0-8a11-4d7dd18d6350@localhost] com.ibm.si.data_ingestion.api.impl.cmt.tasks.InstallExtensionTask: [ERROR] [NOT:0000003000][x.x.x.x/- -] [-/- -]installing extension with id = 22292 failed: Detected a conflict while importing a custom property.
Aug  2 12:31:23 ::ffff:127.0.0.1 [tomcat.tomcat] [227421b6-0edd-43e0-8a11-4d7dd18d6350@localhost] java.lang.Exception: Detected a conflict while importing a custom property.

Regards,

Ralph

Hi Ralph

Do you see any errors in the logs such as the folllowing when trying to import the content pack

Property with id [1aaa2e1c-66eb-4107-a26c-2cd98bdb51f3] already exists but have a different name

Also are there any errors for the com.ibm.si.content_management class?

Thanks

Hi community,

another issue I struggled with. There's a current content package update for Microsoft Windows CEPs. But it failed to update.
It is interesting to note, that the same error occurs in 3 other Radar Deployments I manage... And it doesn't matter which Release. In my scenarios it's 7.5.0UP9 and 7.5.0UP8IF03.