IBM QRadar


Known Issue DT418192 Source and destination IP addresses refer to the packet's IP addresses and are not extracted from the payload

  • 1.  Known Issue DT418192 Source and destination IP addresses refer to the packet's IP addresses and are not extracted from the payload

    Posted Mon May 05, 2025 11:16 AM

    Hi everybody,

    There is an open issue in QRadar 7.5 UP10 described here:

    Known Issue: DT418192

    If I understand correctly, it causes a problem if you are using Windows or Check Point log collection and forwarding these events to QRadar instead of sending them directly to QRadar. Is there anybody who is using this forwarder setup and has upgraded the system to UP10 or higher? I'm interested in any details about this issue: how painful is it? Are all events affected by the issue, or just random ones? It has been blocking us from upgrading for a long time.

    Many thanks for any answer.



    ------------------------------
    Tamás Simon
    ------------------------------


  • 2.  RE: Known Issue DT418192 Source and destination IP addresses refer to the packet's IP addresses and are not extracted from the payload

    Posted Mon May 05, 2025 04:19 PM

    You should contact support; this issue has been fixed in some DSMs and that may unblock you.



    ------------------------------
    Rory Bray
    Security and Compliance Architect, Threat Management
    IBM
    ------------------------------