Release Notes
Abstract
A list of issues that were fixed in IBM Security QRadar SIEM V7.2.5.
Content
| Number | Description |
|---|
| IV42471 | When changing global configuration password, it may take a long time to complete. |
| IV43440 | Unable to filter on closed offenses. |
| IV46111 | Rule text counters might reset when the rule test reloads. |
| IV46116 | The high availability (HA) wizard fails to add a host because the IP address is already defined in the server host table. |
| IV46417 | A harmless error message might display when you apply a fix pack update to your QRadar system. |
| IV50522 | Email notifications fail if the configured email address contains a hyphen "-". |
| IV50564 | Changing from the All User role to the Admin user role does not update the event or flow lists displayed on the dashboard table. |
| IV50732 | List of events does not display properly due to HTML parsing error when you use the Microsoft Internet Explorer 8 web browser. |
| IV50740 | Pending automatic updates might install unexpectedly when you update a schedule on the updates window. |
| IV51020 | Unable to create a log source only or network only security profile without both log sources and networks specified. |
| IV54327 | Source and destination asset name columns do not query the hostname component of the asset profile. |
| IV54471 | Modifying a report template might not allow users to change the end date of the report beyond September 16, 2010. |
| IV54685 | Network I/O issues on a managed host might generate an out-of-memory issue on the console. |
| IV54705 | ARIELCLIENT contains additional line feed at the end of file. |
| IV55696 | Canned quick searches do not show in manage search results but custom quick searches do. |
| IV56033 | Performing a sort of search results for an in-progress search gives error 'This query has timed out and is no longer valid. |
| IV56451 | Bulk add of log sources may generate an F5 error on the UI. |
| IV57325 | Data accumulation and unique count may not be displayed for the admin on searches created by non-admin users. |
| IV58681 | Filtering on a custom property that contains the substring "ID:"returns no results. |
| IV59099 | Incorrect host.token causes external authentication to fire for "sec" user. |
| IV59873 | Adding custom event properties with certain special characters can cause an exception when filtering. |
| IV59990 | Log activity search shows wrong date when the dashboard graphs haven't fully loaded and view is pressed in log activity. |
| IV60091 | DHCPv6 flow traffic being parsed with incorrect event name and low level category. |
| IV60208 | After an upgrade to QRadar 7.2.2 Patch 1, new log sources do not automatically discover on managed hosts. |
| IV60574 | Ariel right click API does not work on Ariel properties. |
| IV61205 | Application error in many pages for user with $ in username. |
| IV61910 | Searches that combine high and low category search value filters return incorrect results. |
| IV62434 | X-Force rules trigger even when targeting trusted (non-malicious) domains. |
| IV62512 | Unable to change language settings as non-administrator user. |
| IV63067 | 1705 appliances show up as 1701 appliances in the System and License Management screen of the UI. |
| IV63125 | Adding a secondary to a managed host may fail due to /store being busy on the secondary. |
| IV63420 | Assetprofiler errors in qradar.log that refer to messagemarshallerv2. |
| IV63466 | The 'event processor' search filter does not work when setup in rules. |
| IV63939 | Searches and/or reports that contain the column 'source asset name' and are grouped by source IP will return 'none'. |
| IV64549 | IPFIX and NetFlow V9 only reads 16-bit and not 32-bit ASN numbers. |
| IV64741 | QRadar software only installation on customer supplied hardware with xx28 specifications may fail during setup. |
| IV64777 | Reports return different data when run against raw data versus a scheduled/accumulated data report. |
| IV65085 | When logging into the QRadar user interface, certain dashboard items show an error message. |
| IV65502 | Rules that use 'include detected event from this attacker from this point forward' are not adding new events to the offense. |
| IV65584 | When applying a log source extension to a log source type, the user interface appears to not apply the change successfully. |
| IV65935 | Offense search 'save criteria' option that contains a 'source network' functions correctly but does not display properly. |
| IV66213 | Newly created QRadar dashboards are accessible to all users with the same assigned user role. |
| IV66756 | Unable to load the 'log sources' page in the QRadar UI after patching from 7.1.2.x to 7.2.x. |
| IV67083 | Rules are no longer associated to offenses after a soft clean SIM is performed. |
| IV67212 | Hostcontext service does not automatically restart after daylight savings time change. |
| IV67219 | Empty plug-ins option on admin tab in the QRadar user interface. |
| IV67325 | SNMP daemon is not enabled on high availability secondary. |
| IV67522 | The remove item option from within a time series graph does not always work as expected in Chrome web browser. |
| IV67755 | QRadar data backups might fail to run successfully on managed hosts. |
| IV67807 | The Ariel rightclick.properties API drops the '\' or '$' characters in event properties. |
| IV67847 | Filtered network activity searches may return unexpected results. |
| IV67939 | Silent installs do not work in 7.2.4. |
| IV68011 | An 'application error' pop up window occurs when creating a flow rule that tests against reference table data. |
| IV68343 | Applying QRadar patch .sfs fails on high availability secondary. |
| IV68596 | 'An error has occurred. Refresh your browser...' message when attempting to disable or delete a rule in QRadar. |
| IV68877 | Time zone data displayed within QRadar is not accurate for some time zones. |
| IV69168 | Saved searches with special characters causes dashboards to disappear. |
| IV69695 | When dashboards are added to user roles, those users will no longer see the default dashboards. |
| IV69750 | Identity hostname is being populated by username in offense. |
| IV69817 | QFlow crashes if packet source adaptor is disabled. |
| IV69895 | Unable to restore config backup for non-english UI. |
| IV70515 | Eventprocessor filter in advanced query and RestAPI queries all event processors when specifying a specific event processor. |
| IV70522 | 'Error: null value in column' when adding a new admin user account with external auth and no password is entered. |
| IV70525 | Response time when configuring a log source is very slow when using with Chrome. |
| IV70601 | Ariel error when filtering on a sorted, aggregated column. |
| IV71009 | Deleting reference sets used in rules fails, but doesn't warn why. |
| IV71013 | Re-editing report description shows HTML </br>. |
| IV71265 | Dashboard legends bleeding HTML code in tooltip. |
| IV71266 | DSM jar files are not being properly restored from a config backup. |
| IV71980 | 'Domain' does not work as a search filter when using the QRadar advanced search functions. |
| IV72129 | 'An invalid cursor was provided to the query. Please try again' when a log or network activity search is performed. |
| IV72736 | RestAPI events are displaying as 'unknown' events. |
| IV72903 | System notification error 'Out of memory discovered for hostcontext' during backup process. |
| IV72934 | NullPointerException in QRadar log files caused by an invalid regular expression (regex) in a rule search filter test. |
| IV73043 | The /store/transient partition does not get re-mounted after performing a factory re-install using the 7.2.4 ISO. |
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg27045398