Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Resolved Issues

The resolved issues addressed in the JSA 7.5.0 Update Package 4 are listed below:

  • ‘Globalview’ AQL (advanced search) function can sometimes fail to return results.

  • AQL reference set contains function does not use indexes when reference set is alphanumeric.

  • The Analyst Workflow App version 2.31.4 displays an internal server error when default locale is changed.

  • App host does not communicate with console correctly when connection is encrypted and has to pass a firewall.

  • Buttons added to the user interface by QRadar apps do not respond.

  • Duplicate server types in server discovery assets menu.

  • Vulnerability records can become orphaned for scanned assets that do not have clean vuln ports configured.

  • Asset saved search criteria that is configured as default changes on subsequent result pages.

  • Updated rule response is marked blank if modifying all responses.

  • Bind credential for LDAP repos clears if saved without successful connection test.

  • Modified system building blocks stop matching any events until ecs-ep service is restarted.

  • XML custom event properties fail to work as expected for payloads that contain a byte order mark.

  • Event processor cre thread unexpectedly shutdown due to AQL custom property with the same name as existing regex custom property.

  • Host key verification failed and known_host not updating in encrypted deployment after moving gateway to new event processor.

  • Rebalance can lead to a destination host reaching service shutdown due to disk space usage threshold exceeded.

  • Deploy changes can error out if the server table has a non fully qualified domain name.

  • Deployments with a large number of HA hosts, hostcontext processes might not complete due to the number of managed host.

  • Host context timeout due to “file /storetmp/addhost_{host ip}1/status.Txt does not exist” error.

  • Unable to add an additional log source to domain after 100 log sources are present.

  • JSA patch fails after running the glusterfs_migration_manager on required event collectors.

  • Custom property and AQL properties on forwarding profiles are not checked for if they are in use before deletion.

  • Stored events that are forwarded using online forwarding go to ‘sim generic’ log source on the receiving JSA system.

  • A value of ‘null’ can sometimes be incorrectly displayed in network activity for geographic country/region column.

  • High availability (HA) pairing fails when the ip address of the secondary is the same as a deleted managed host.

  • Incorrect status for network interfaces can be displayed for high availability host.

  • Serial console installations create duplicate entries in grub.

  • A JSA “software install” can unexpectedly attempt to run an older ISO installation after reboot.

  • Mysql log sources using the jdbc protcol and tls can stop working after 2:00 am.

  • QRadar Log Source Management 7.0.7 displays blank page when accessed from the filter panel on the admin page.

  • The Log Source Management App might display protocol update alert when the protocol is already the latest version.

  • Performance issues can occur when JSA attemps a reload of sensor devices when log sources exceed 2 million.

  • Time synchronization can fail on managed hosts.

  • Encrypted tunnels between managed hosts can fail to start after patching to JSA 7.5.0 Update Package 1 or later.

  • Sorting by column in the offenses tab removes search filters.

  • Application error on destination ip validation for incorrect format of IP address.

  • The “top 5 source ips” offense emails do not contain the country name.

  • ‘Application error’ occurs after an extended period of time when attempting to load the offense page.

  • Performance degradation caused by AQL properties parsing on every query.

  • “Scheduled adapter backup for device” error message when device added to risk manager with backup option.

  • /qrm/srm_update_1138.Sql can cause 7.5.0 Update Package 1 upgrade to fail on hosts where required index doesn’t exist.

  • JSA Risk Manager can display a confirmation message during device import when the devices are not imported.

  • Error exporting data when filtering from the manage vulnerabilites list.

  • JSA Vulnernabiity Manager scan results screen displays ‘could not receive message’ error.

  • Chrome and Edge browsers cut off the bottom edge of the report wizard.

  • Reports fail to generate with no error in UI.

  • Daily or weekly reports generated during daylights savings end 1 hour early.

  • Refreshing the page after the changes are made for sharing reporting groups, the changes do not appear to have been saved.

  • Rules containing tests against geographic location can sometimes cause issues with cre pipeline performance.

  • Rule_id was not found for uuid = system-1151.

  • A custom property called ‘hostname’ changes to ‘host name’ when used as a response limiter in the rule wizard.

  • Offense rule using ‘and when the destination list includes any of the following A.B.C.D/e’ test with public ip does not trigger.

  • Flow ID super index consumes a large amount of storage space.

  • Searches using a custom property can be slower to complete than expected.

  • Clicking the help icon results in “page not found” for system notification: “the accumulator has fallen behind…”.

  • Timezone cannot be changed from UI and system time settings UI tab might fail to load.

  • Collation errors in JSA logging occur when JSA is set to some locales.

  • The delegated admin role is being created without giving permission for the Log Source Management App.