IBM Support

IV89519: RULES THAT TEST AGAINST REFERENCE MAP OF DATA SETS CAN SOMETIMES FIRE UNEXPECTEDLY

APAR status

  • Closed as program error.

Error description

  • In some instances, rules that test received events against
    defined reference map of sets data can fire unexpectedly.
    When this occurs, false positive results (offenses) can be
    generated, because the rule/test should not have fired given
    the combination of events received, reference set data, and
    defined rule criteria.

Local fix

  • No workaround available.
    

Problem summary

  • In some instances, rules that test received events against
    defined reference map of sets data can fire unexpectedly.
    When this occurs, false positive results (offenses) can be
    generated, because the rule/test should not have fired given
    the combination of events received, reference set data, and
    defined rule criteria.

Problem conclusion

  • This issue was resolved with QRadar/QRM/QVM/QRIF 7.3.0.

Temporary fix

Comments

APAR Information

  • APAR number

    IV89519

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    728

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-09-28

  • Closed date

    2017-04-11

  • Last modified date

    2017-04-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

  • R730 PSY UP

Document information

More support for: IBM QRadar SIEM

Software version: 728

Reference #: IV89519

Modified date: 11 April 2017