IBM QRadar

Hi community,

just to make sure, this useful Information is available for everybody who's using the Offense-E-Mail-Notification escalation rule to improve an automated prioritized Offense-Handling process.

I struggled with this bug after i had my first QRadar Deployment updated to UP13. After a couple of days I was wondering, why Offense-E-Mails seemed to stop being automatically processed. Using the button Actions -> Email within an Offense worked as expected. After spending some time of troubleshooting i created an IBM Support Case. And here is the provided "Known Issue" solution:

https://www.ibm.com/mysupport/s/defect/aCIgJ0000004YXl/dt448933?language=en_US

The provided workaround works like a charme!

But BTW.. it re-appeared also with IF01 applied!! Installing UP13 IF01 the commons-lang3-3.1.jar file re-appered in the /opt/ibm/si/services/ecs-ep/2021.6.13.20250819010639/bin directory! So you'll have to proceed the same steps using this "new" path and you're done!

The good news at the end is, that this will be finally fixed with IF02! I'm looking forward :)

Regards,

Ralph

Hi community,

just to make sure, this useful Information is available for everybody who's using the Offense-E-Mail-Notification escalation rule to improve an automated prioritized Offense-Handling process.

I struggled with this bug after i had my first QRadar Deployment updated to UP13. After a couple of days I was wondering, why Offense-E-Mails seemed to stop being automatically processed. Using the button Actions -> Email within an Offense worked as expected. After spending some time of troubleshooting i created an IBM Support Case. And here is the provided "Known Issue" solution:

https://www.ibm.com/mysupport/s/defect/aCIgJ0000004YXl/dt448933?language=en_US

The provided workaround works like a charme!

But BTW.. it re-appeared also with IF01 applied!! Installing UP13 IF01 the commons-lang3-3.1.jar file re-appered in the /opt/ibm/si/services/ecs-ep/2021.6.13.20250819010639/bin directory! So you'll have to proceed the same steps using this "new" path and you're done!

The good news at the end is, that this will be finally fixed with IF02! I'm looking forward :)

Regards,

Ralph

Hi Ralph,

thanks for sharing. How have you been able to start the update? The procedure I used until UP 12 fails because the sfs > 5 GB?
Regards,

Martin

Hi community,

just to make sure, this useful Information is available for everybody who's using the Offense-E-Mail-Notification escalation rule to improve an automated prioritized Offense-Handling process.

I struggled with this bug after i had my first QRadar Deployment updated to UP13. After a couple of days I was wondering, why Offense-E-Mails seemed to stop being automatically processed. Using the button Actions -> Email within an Offense worked as expected. After spending some time of troubleshooting i created an IBM Support Case. And here is the provided "Known Issue" solution:

https://www.ibm.com/mysupport/s/defect/aCIgJ0000004YXl/dt448933?language=en_US

The provided workaround works like a charme!

But BTW.. it re-appeared also with IF01 applied!! Installing UP13 IF01 the commons-lang3-3.1.jar file re-appered in the /opt/ibm/si/services/ecs-ep/2021.6.13.20250819010639/bin directory! So you'll have to proceed the same steps using this "new" path and you're done!

The good news at the end is, that this will be finally fixed with IF02! I'm looking forward :)

Regards,

Ralph