Question & Answer
Question
Why does the XFORCE_IP_CATEGORY display as N/A when searched for using AQL under the Log Activity tab?
Answer
Consider these AQL queries where the XFORCE_IP_CATEGORY column is included:
SELECT XFORCE_IP_CATEGORY('X.X.X.X') from events limit 1
SELECT sourceip, XFORCE_IP_CATEGORY(sourceip) as IPcategories from events
Example:
Here for the obfuscated IP addresses, the categorization is displayed as N/A.
If we right-click the IP to check its categorization on X-Force Exchange, it is categorized as 'Unsuspicious':
Hence, those IP addresses that have categorization as "Unsuspicious" in X-Force Exchange, have their XFORCE_IP_CATEGORY displayed as N/A in the Log Activity tab.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtEAAQ","label":"Log Activity"}],"ARM Case Number":"TS011314345","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
26 April 2023
UID
ibm16984433