Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Resolved Issues

 

The following are the resolved issues addressed in the JSA 7.4.1:

  • JSA USERS CAN BE UNABLE TO LOGIN TO THE USER INTERFACE WHEN MULTIPLE HOST LOCKS OCCUR AT THE SAME TIME.

  • NETWORK ID FETCHED BY API '/ASSET_MODEL/ASSETS" AND 'CONFIG/NETWORK_HIERARCHY/NETWORKS' ARE DIFFERENT.

  • OFFENSE API DOES NOT RETURN EXPECTED OFFENSES WHEN USING "ID" AND "INACTIVE" FIELD IF OFFENSE ACTIVE_CODE IS 'DORMANT.

  • JSA OFFENSE API INEFFICIENCIES CAN CAUSE HIGHER THAN EXPECTED APPLIANCE SYSTEM LOAD.

  • RESET OF JSA CERTIFICATES CAN FAIL WHEN JSACA-MONITOR SERVICE IS RUNNING AT THE SAME TIME.

  • JSA APPS CAN GO OUT OF MEMORY DUE TO A RHEL KERNEL BUG WITH DENTRY SLAB CACHE.

  • APPS CAN FAIL TO LOAD DUE TO CERTIFICATES NOT BEING RENEWED AS EXPECTED WHEN THE JSACA-MONITOR SERVICE HANGS.

  • JSA APP INSTALLATION OR REMOVAL CAN GENERATE REPEATED LOG WRITES 'USING GET RESPONSE BODY AS STREAM INSTEAD IS RECOMMENDED'.

  • AQL QUERIES WITH SUBQUERIES CAN CAUSE A FILE HANDLE LEAK THAT LEADS TO ARIEL SERVICE OUTAGES.

  • ADVANCED SEARCH (AQL QUERY) CONTAINING GEO::LOOKUP RETURNS AN EMPTY JSON STRING FOR 'CITY' VARIABLE.

  • EVENT MAPPING ADDS OR EDITS PERFORMED USING THE 'MAP EVENT' BUTTON IN LOG ACTIVITY ARE NOT AUDITED.

  • AUTOUPDATE AND CRON NOT RUNNING ON 7.3.2 JSA IMAGES INSTALLED ON GOOGLE CLOUD PLATFORM AND AMAZON WEB SERVICES.

  • BACKUP/RESTORE PAGE IN THE JSA USER INTERFACE CAN FAIL TO LOAD 'PLEASE WAIT WHILE THE REQUESTED INFORMATION IS GATHERED'.

  • CONFIG BACKUP CAN TAKE LONGER THAN EXPECTED TO COMPLETE IF A MANAGED HOST TIMEOUT OCCURS.

  • CONTENT MANAGEMENT TOOL IMPORT CONTAINING A DELETED/DISABLED BULK ADD LOG SOURCE CAN FAIL.

  • JSON EXPRESSIONS CAN MATCH IN CUSTOM EVENT PROPERTY UI PAYLOAD TESTS BUT DO NOT MATCH ON RECEIVED EVENTS.

  • CUSTOM PROPERTY IS NOT PROPERLY PARSED FROM EVENT PAYLOAD WHEN EXPRESSION BASED DATA OBFUSCATION HAS BEEN IN USE.

  • DASHBOARD DATA (INCLUDING TIME SERIES) CAN FAIL TO LOAD.

  • 'TUNNEL HAS FAILED TO START' MESSAGES AFTER REASSIGNING AN ENCRYPTED DATA NODE TO A DIFFERENT EVENT PROCESSOR.

  • DOMAIN OBFUSCATION PROFILE CAN FAIL TO BE COPIED CORRECTLY TO EVENT COLLECTOR.

  • QRADAR NETWORK INSIGHTS (QNI) DECAPPER CAN CRASH AND GENERATE A CORE DUMP.

  • DEPLOY FUNCTION CAN FAIL DUE TO AN INCONSISTENT INDEX FROM THE CONSOLE VS MANAGED HOST(S).

  • DEPLOY FULL CONFIGURATION FUNCTION DOES NOT PROGRESS PAST "PREPARING FOR DEPLOYMENT" MESSAGE.

  • 'DEPLOY' BUTTON DOES NOT FUNCTION FOM THE 'ADMIN TAB > DATA SOURCES > EVENTS' WINDOW.

  • A JSA APP BACKUP SCRIPT CAN SOMETIMES FAIL CAUSING /STORE PARTITION FREE SPACE ISSUES.

  • 'NO EVENTS WERE PARSED' MESSAGE AND BLANK LOG ACTIVITY PREVIEW WHEN USING THE DSM EDITOR TO CONFIGURE EVENT PARSING.

  • DSM EDITOR PAGE 'EXPORT' BUTTON IS MISSING.

  • DSM EDITOR USER INTERFACE REGEX VALIDATION CAN DIFFER FROM THE JSA PIPELINE.

  • EMAILS FROM RULE RESPONSES CAN FAIL AND NOT BE SENT PROPERLY.

  • ATTACHING AN EVENT COLLECTOR TO A DIFFERENT EVENT PROCESSOR (EP) LEAVES OLD TUNNEL CONNECTIONS TO THE ORIGINAL EP.

  • EVENT COLLECTION ON APPLIANCES CAN STOP DUE TO AN INCORRECT PIPELINE DISK MONITOR FREE SPACE CALCULATION.

  • FIREWALL RULE CHANGES PERFORMED IN THE UI WHEN IPV6 IS ENABLED GENERATE AN ERROR: 'UNEXPECTED SERVER ERROR OCCURS'.

  • A MANUALLY ADDED OR EDITED FLOW SOURCE ALIAS DOES NOT WORK AS EXPECTED.

  • REFERENCE DATA CAN FAIL TO BE UPDATED WHEN REFERENCEDATA.TIMETOLIVE.PERIOD IS SET TO 0.

  • 'LAST PROXY IPV4' AND 'LAST PROXY IPV6' FLOW DATA IS NOT PARSED CORRECTLY.

  • FLOWS CAN CONTAIN INCORRECT VALUES FOR PACKET TIMES, IP ADDRESSES, PROTOCOLS, SIZE, SOURCE OR DESTINATION PORT.

  • FLOW RECORDS CAN SOMETIMES DISPLAY LAST PACKET TIME OF 'N/A' AND BYTE AND PACKET COUNT OF '0' IN NETWORK ACTIVITY.

  • QNI FLOWS INTO JSA ARE DECREASED AND/OR STOP SENDING ENTIRELY.

  • HISTORICAL CORRELATION CAN COMPLETE WITH ERRORS WHEN USING 'COMMON RULES'.

  • JSA SOFTWARE INSTALL CAN FAIL DUE TO PARTITION SIZE CHECK FAILURE.

  • IPV6 MANAGED HOSTS DO NOT AUTOMATICALLY PATCH WHEN USING THE "PATCH ALL" OPTION.

  • PATCH PRETEST VALIDATE_HOSTNAME.SH CAN FAIL ON A SECONDARY MANAGED HOST APPLIANCE CAUSING PATCH PROCESS TO FAIL.

  • JSA PATCHING PROCESS CAN FAIL ON DB_UPDATE.187085.HOSTNAMETYPE_UPDATE.SQL.

  • JSA PATCHING PROCESS CAN FAIL ON DB_UPDATE_740.ARIEL_GENERICLIST_PROPERTY_EXPRESSION.SQL.

  • NO WARNING OF UPCOMING EPS/FPS LICENSE EXPIRING.

  • LICENSE CANNOT BE APPLIED SUCCESSFULLY TO QNI APPLIANCE TYPES 6500 ON PATCHED DEPLOYMENTS.

  • AUTO DISCOVERED LOG SOURCES ARE NOT AUTO DISCOVERED AGAIN IF DELETED USING THE LOG SOURCE MANAGEMENT APP.

  • ADD HOST CAN FAIL WITH PASSWORD DECODING ERROR.

  • OFFENSE PURGING CAN FAIL IN JSA 7.4.0 FP1 IF01 OR 7.4.0 FP2 WHEN THE PATCHING PATH BEGAN AT JSA 7.3.3 FP3.

  • OFFENSE PURGING CAN SOMETIMES FAIL WITH A BATCH UPDATE EXCEPTION.

  • EXPORTING OFFENSES CAN FAIL WITH AN ERROR 'THERE WAS A PROBLEM COMPLETING YOUR EXPORT. PLEASE TRY AGAIN LATER'.

  • OFFENSES CAN FAIL TO BE UPDATED AFTER A CONSOLE APPLIANCE REBOOT.

  • SELECTING 'SHOW INACTIVE CATEGORIES' WHEN VIEWING OFFENSE 'BY CATEGORY' DISPLAYS RESULTS AS "NONE" OR "0".

  • OFFENSE SOURCE SUMMARY DISPLAYS INCORRECTLY FOR OFFENSES INDEXED ON REGEX CUSTOM PROPERTIES WITH FIELD TYPE "IP".

  • 'APPLICATION ERROR' WHEN ATTEMPTING TO CLOSE OPEN OFFENSES USING DASHBOARD WIDGET.

  • OFFENSE SUMMARY PAGE CAN SOMETIMES TAKE LONGER THAN EXPECTED TO LOAD FOR OFFENSES WITH A LARGE NUMBER OF ATTACKERS.

  • ATTEMPTING TO OPEN AN OFFENSE CAN FAIL WHEN THERE ARE A LARGE NUMBER OF NETWORKS ASSOCIATED TO IT.

  • SOME SMTP AND FTP FLOWS RECEIVED BY QNI MISCLASSIFIED AS IRC TRAFFIC.

  • THE /TMP PARTITION CAN RUN OUT OF FREE SPACE DUE TO THE IMGCTR.LOG FILE.

  • RISK_MANAGER_BACKUP.SH CREATES TARBALL FILES IN /STORE/QRM_BACKUPS/ DIRECTORY ON JSA CONSOLE.

  • ‘{PROFILENAME} CANNOT BE RAN AS IT HAS ON DEMAND SCANNING ENABLED’ WHEN SCAN NAME CONTAINS ‘RC’ OR CRE’.

  • TOMCAT OUT OF MEMORY CAN OCCUR DURING AUTOMATED REFERENCE DATA CLEANUP BY JSA.

  • INSTANCES OF NO SEARCH RESULTS RETURNED CAN OCCUR FOR USER ROLES WITH 'READ ONLY' PERMISSIONS ON REFERENCE SETS.

  • 'DAILY "START TIME" MUST BE BEFORE "END TIME"' MESSAGE WHEN SELECTING PREVIOUS DAY START TIME BETWEEN 12AM AND 12:45AM.

  • REPORTS FAIL TO GENERATE AFTER A CONSOLE MIGRATION HAS BEEN PERFORMED.

  • ASSET PROFILER EXCEPTION CAUSED BY NEW 'CRITICAL RISK FACTOR' CLASSIFICATION IN JSA VULNERABILITY MANAGER.

  • ONLINE AND OFFLINE TCP SELECTIVE FORWARDING CAN LOSE AN EVENT DURING A CONNECTION RESET.

  • PARSING RULE 'WHEN THE EVENT MATCHES THIS SEARCH FILTER' CAN GENERATE A NUMBER FORMAT EXCEPTION.

  • RULES WITH CONDITIONS THAT SPAN ACROSS MIDNIGHT DO NOT WORK AS EXPECTED.

  • 'WHEN THE EVENT(S) HAVE NOT BEEN DETECTED BY ONE OR MORE OF THESE LOG SOURCE GROUPS' TEST ALLOWS RULE ACTIONS TO BE SET.

  • RULES THAT COMPARE FIELD 'SOURCE OR DESTINATION IP' AGAINST IP TYPE REFERENCE DATA FOR SUPERFLOWS FAIL.

  • PERFORMANCE IMPROVEMENTS WITH REFERENCE DATA AND CUSTOM RULE ENGINE PROCESSING.

  • UNABLE TO EDIT AQL FILTER IN A RULE WHEN '%\U' OR '%\X%' PARAMETERS ARE USED IN THE LIKE CLAUSE.

  • UNABLE TO EDIT FLOW RULE 'QNI: POTENTIAL SPAM/PHISHING SUBJECT DETECTED FROM MULTIPLE SENDING SERVERS'.

  • THE RULE EDITOR DOES NOT DISPLAY THE SPECIAL SYMBOL " + " WHEN DISPLAYING RULE CONDITIONS.

  • JSA VULNERABILITY MANAGER SCAN RESULT RECORDS LISTED IN THE USER INTERFACE ARE NEVER PURGED.

  • JSA VULNERABILITY MANAGER SCANNER REVERSE TUNNELS ARE NOT BEING CREATED WHEN THE JSA VULNERABILITY MANAGER PROCESSOR IS LOCATED ON THE JSA CONSOLE.

  • ARIEL SEARCHES FAIL AND EVENTS ARE NOT PROCESSED/WRITTEN TO DISK WHEN A CONCURRENT MODIFICATION EXCEPTION OCCURS.

  • ‘SHOW AQL’ BUTTON DISPLAYS “NULL” OUTPUT FOR A SAVED SEARCH USING ‘PAYLOAD MATCHES REGULAR EXPRESSION’ FILTER.

  • HOST CONTEXT FAILS TO START WHEN A CONFIG PRIOR TO 7.1MR2 IS RESTORED ON A NEW INSTALL OF 7.3.1.

  • SYSTEM NOTIFICATIONS FOR ‘PROCESS TUNNEL.TUNNEL{XXX} HAS FAILED TO START…” CAN BE CAUSED BY DUPLICATE OFFSITE TUNNEL CREATION.

  • JSA SYSTEM NOTIFICATIONS THAT CONTAIN QIDS WITH URL LINKS CAN DISPLAY INCORRECTLY AFTER PATCHING JSA.

  • NOTIFICATION TABLE CONTAINS DUPLICATE ROWS FOR THE SAME EVENT CAUSING DISCREPANCY IN NOTIFICATION DATA DISPLAYED.

  • SYSTEM NOTIFICATION 'PROCESS MONITOR: APPLICATION HAS FAILED TO START UP MULTIPLE TIMES' AFTER REMOVING NAT FROM MANAGED HOST.

  • SUBNETS CAN INTERMITTENTLY APPEAR AND DISAPPEAR ON THE JSA RISK MANAGER TOPOLOGY SCREEN.

  • DRACUT ERROR 'WARNING:DRACUT-INITQUEUE TIMEOUT STARTING TIMEOUT SCRIPTS' DURING UPGRADE.

  • PATCHING CAN SUCCEED ON THE CONSOLE BUT FAIL AND ROLL BACK ON MANAGED HOSTS.

  • PATCHING PROCESS TO JSA 7.4 CAN FAIL WHEN ATTACKER_HISTORY DATABASE TABLE CONTAINS DUPLICATE VALUES.

  • JSA APPLICATIONS CAN BE MISSING AFTER PATCHING JSA TO 7.4.0 FP1 OR NEWER.

  • JSA PATCH FAILS WHEN MORE THAN ONE .SFS IS MOUNTED.

  • VULNERABILITY MANAGER SCANS DO NOT RESPECT CONFIGURED OPERATIONAL WINDOWS.