IV50569: EMAIL RULE RESPONSE SPECIFIES THE WRONG SOURCE IP ADDRESS WHEN A SUPERFLOW TRIGGERED THE RULE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • If superflow causes a rule that tests the Source IP parameter
    to generate an email response, only one Source IP address is
    specified in the email response and that IP address might not
    match the Source IP address the rule is configured for.  A
    superflow includes multiple source IP addresses and the rule
    detected one of those IP addresses, however, the email response
    does not clearly indicate that a superflow triggered the rule.
    

Local fix

Problem summary

  • This issue was resolved with QRadar 7.2.6 Patch 3.
    

Problem conclusion

  • This issue was resolved with QRadar 7.2.6 Patch 3.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV50569

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    720

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2013-10-08

  • Closed date

    2016-03-29

  • Last modified date

    2016-03-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

  • R726 PSY

       UP



Document information


More support for:

IBM Security QRadar SIEM

Software version:

720

Reference #:

IV50569

Modified date:

2016-03-29

Translate my page

Content navigation