Resolved Issues
The resolved issues addressed in the JSA 7.5.0 Update Package 4 are listed below:
-
‘Globalview’ AQL (advanced search) function can sometimes fail to return results.
-
AQL reference set contains function does not use indexes when reference set is alphanumeric.
-
The Analyst Workflow App version 2.31.4 displays an internal server error when default locale is changed.
-
App host does not communicate with console correctly when connection is encrypted and has to pass a firewall.
-
Buttons added to the user interface by QRadar apps do not respond.
-
Duplicate server types in server discovery assets menu.
-
Vulnerability records can become orphaned for scanned assets that do not have clean vuln ports configured.
-
Asset saved search criteria that is configured as default changes on subsequent result pages.
-
Updated rule response is marked blank if modifying all responses.
-
Bind credential for LDAP repos clears if saved without successful connection test.
-
Modified system building blocks stop matching any events until ecs-ep service is restarted.
-
XML custom event properties fail to work as expected for payloads that contain a byte order mark.
-
Event processor cre thread unexpectedly shutdown due to AQL custom property with the same name as existing regex custom property.
-
Host key verification failed and known_host not updating in encrypted deployment after moving gateway to new event processor.
-
Rebalance can lead to a destination host reaching service shutdown due to disk space usage threshold exceeded.
-
Deploy changes can error out if the server table has a non fully qualified domain name.
-
Deployments with a large number of HA hosts, hostcontext processes might not complete due to the number of managed host.
-
Host context timeout due to “file /storetmp/addhost_{host ip}1/status.Txt does not exist” error.
-
Unable to add an additional log source to domain after 100 log sources are present.
-
JSA patch fails after running the glusterfs_migration_manager on required event collectors.
-
Custom property and AQL properties on forwarding profiles are not checked for if they are in use before deletion.
-
Stored events that are forwarded using online forwarding go to ‘sim generic’ log source on the receiving JSA system.
-
A value of ‘null’ can sometimes be incorrectly displayed in network activity for geographic country/region column.
-
High availability (HA) pairing fails when the ip address of the secondary is the same as a deleted managed host.
-
Incorrect status for network interfaces can be displayed for high availability host.
-
Serial console installations create duplicate entries in grub.
-
A JSA “software install” can unexpectedly attempt to run an older ISO installation after reboot.
-
Mysql log sources using the jdbc protcol and tls can stop working after 2:00 am.
-
QRadar Log Source Management 7.0.7 displays blank page when accessed from the filter panel on the admin page.
-
The Log Source Management App might display protocol update alert when the protocol is already the latest version.
-
Performance issues can occur when JSA attemps a reload of sensor devices when log sources exceed 2 million.
-
Time synchronization can fail on managed hosts.
-
Encrypted tunnels between managed hosts can fail to start after patching to JSA 7.5.0 Update Package 1 or later.
-
Sorting by column in the offenses tab removes search filters.
-
Application error on destination ip validation for incorrect format of IP address.
-
The “top 5 source ips” offense emails do not contain the country name.
-
‘Application error’ occurs after an extended period of time when attempting to load the offense page.
-
Performance degradation caused by AQL properties parsing on every query.
-
“Scheduled adapter backup for device” error message when device added to risk manager with backup option.
-
/qrm/srm_update_1138.Sql can cause 7.5.0 Update Package 1 upgrade to fail on hosts where required index doesn’t exist.
-
JSA Risk Manager can display a confirmation message during device import when the devices are not imported.
-
Error exporting data when filtering from the manage vulnerabilites list.
-
JSA Vulnernabiity Manager scan results screen displays ‘could not receive message’ error.
-
Chrome and Edge browsers cut off the bottom edge of the report wizard.
-
Reports fail to generate with no error in UI.
-
Daily or weekly reports generated during daylights savings end 1 hour early.
-
Refreshing the page after the changes are made for sharing reporting groups, the changes do not appear to have been saved.
-
Rules containing tests against geographic location can sometimes cause issues with cre pipeline performance.
-
Rule_id was not found for uuid = system-1151.
-
A custom property called ‘hostname’ changes to ‘host name’ when used as a response limiter in the rule wizard.
-
Offense rule using ‘and when the destination list includes any of the following A.B.C.D/e’ test with public ip does not trigger.
-
Flow ID super index consumes a large amount of storage space.
-
Searches using a custom property can be slower to complete than expected.
-
Clicking the help icon results in “page not found” for system notification: “the accumulator has fallen behind…”.
-
Timezone cannot be changed from UI and system time settings UI tab might fail to load.
-
Collation errors in JSA logging occur when JSA is set to some locales.
-
The delegated admin role is being created without giving permission for the Log Source Management App.