• Encryption: Upgrading to RHEL-8 on systems with LUKS encrypted partitions is not supported. For more information see, Hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8
• Disk space: Leapp pretests fail to ensure if the /storetmp directory has sufficient disk space to store the upgrade cache directory. You must ensure that all appliances have at minimum 10GB of space available in the /storetmp directory before you upgrade to 7.5.0 Update Package 8. For more information, see the QRadar 7.5.0 Update Package 8 release notes.
• HA – Required: Administrators with High Availability (HA) appliances in their deployment must complete a post-installation step that is new in QRadar 7.5.0 Update Package 8. After the update completes, you must complete the procedure outlined in DT365145.
• WinCollect: QRadar 7.5.0 Update Package 8 users with WinCollect 7 must update to the latest version. If you upgrade to QRadar 7.5.0 Update Package 8 and have WinCollect 7.x agents deployed in managed mode, you must install the WinCollect 7.3.1-43 SFS file as outlined in the WinCollect 7.3.1 P3 release notes.
• Apps : Apps might go down during the base image update.
• Data Nodes: When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.
• For the full list of known issues, see the release notes.

• DT257036: Unbound-anchor.service is reaching out publicly to DNS root servers
• DT258217: False-positive offenses are produced after the restart of ecs-ep process
• DT258235: Null Pointer Exception in Regex Monitor causes perfromance issues in event parsing
• DT258345: Re-adding a managed host can appear to be hung at the final step in the ‘Host is Being Added to Deployment’ window
• DT258961: False Positive offenses produced where rules use reference set not conditions
• DT259134: Unknown offense created on destination QRadar when forwarding normalized data from Source QRadar
• DT259571: Dropped events in log source protocol queue after upgrade to QRadar 7.5.0 Up 7
• DT259793: CRE Rule seems to be affecting the parsing of ADE AQL Properties
• DT084375: The managed search results page can be slow to load in QRadar environments with a large amount of Ariel query handles
• DT133052: QRadar – High availability crossover enable fails with ssh StrictHostKeyChecking
• DT256838: 7.5.0 UP7 IF03 Java change causes Amazon Web Service Log Source Type to stop working
• DT251945: Retain option available on freshly installed High Availability (HA) systems from factory reinstall
• DT251920: Time server set during initial installation reset after running qchange
• DT252014: HA Setup fails with “failed to change group ownership error”
• DT252073: QRadar tunnel-monitor service incorrectly attempts to create connections from HA standby appliances
• DT252127: Common rule test ‘Event or flow processed by custom rules engine’ can display a Number Format Exception
• DT252102: When AQL properties created before 7.4.3 exist in the forwarding profile, offline forwarding is slow
• DT252089: Invalid byte sequence for encoding “UTF8” while accessing reference data API or UBA import user
• DT252090: Historical correlation offense summary page can display a ‘file access error’ when viewing grouped events
• DT245546: STIG hardening on QRadar 7.5.0 Update Package 7 might not set a boot password, forcing a reinstall
• DT241221: HA Secondary disk space issues can occur when files for older versions of ECS are not removed
• DT244451: Hostcontext can exceed the default 256MB allocation, leading to out of memory issues on hosts
• DT244446: Custom rules: Match count rules do not trigger as expectedly when used with coalescing log sources
• DT244729: Log File protocol configured to connect with SFTP can stop collecting events unexpectedly in 7.5.0 UP7
• DT252131: Rule Wizard displays a blank pop up for the ‘Name of the flow source is one of these sources’ test
• DT252139: Asset details window does not display the latest email address when changed
• DT252100: Reference Table value incorrectly displayed in the rule responses of the Rule Wizard when edited
• DT259368: QRadar Applications failing to install/update after upgrading to QRadar 7.5.0 UP6
• DT224076: Rule Wizard displays ‘The response count must be 0 or greater’ when enabling response limiters with non-english UI locales
• DT238257: Nightly backups fail if applications are in error status
• DT251980: Rule “Source/Destination asset weight is low” can trigger when weight is higher than the defined parameter

• Encryption: Upgrading to RHEL-8 on systems with LUKS encrypted partitions is not supported. For more information see, Hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8
• Disk space: Leapp pretests fail to ensure if the /storetmp directory has sufficient disk space to store the upgrade cache directory. You must ensure that all appliances have at minimum 10GB of space available in the /storetmp directory before you upgrade to 7.5.0 Update Package 8. For more information, see the QRadar 7.5.0 Update Package 8 release notes.
• HA – Required: Administrators with High Availability (HA) appliances in their deployment must complete a post-installation step that is new in QRadar 7.5.0 Update Package 8. After the update completes, you must complete the procedure outlined in DT365145.
• WinCollect: QRadar 7.5.0 Update Package 8 users with WinCollect 7 must update to the latest version. If you upgrade to QRadar 7.5.0 Update Package 8 and have WinCollect 7.x agents deployed in managed mode, you must install the WinCollect 7.3.1-43 SFS file as outlined in the WinCollect 7.3.1 P3 release notes.
• Apps : Apps might go down during the base image update.
• Data Nodes: When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.
• For the full list of known issues, see the release notes.

• DT258961: False Positive offenses produced where rules use reference set not conditions.
• DT259571: Dropped events in log source protocol queue after upgrade to QRadar 7.5.0 UP 7.
• DT261291: Qualys and Nessus scans won’t run after installing 7.5.0 UP 7 IF03.

• New: Managed WinCollect 7 agents cannot receive updates from encrypted QRadar Managed Hosts with QRadar 7.5.0 Update Package 7 Interim Fix 05 or later. For more information, see DT269649
• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attempting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps : Apps might go down during the base image update.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.
• Secure boot: Hosts with EFI firmware and Secure Boot enabled may become unresponsive. To avoid this problem, you must import the IBM public key contained on the SFS into the system keyring before patching. For more information, see Updating a Secure Boot enabled system

• DT258217: False-positive offenses are produced after the restart of ecs-ep process.
• DT258345: Re-adding host does not close dialog and does not allow remapping components.
• DT259793: CRE Rule seems to be affecting the parsing of ADE AQL Properties.

• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attempting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps : Apps might go down during the base image update.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.
• Secure boot: Hosts with EFI firmware and Secure Boot enabled may become unresponsive. To avoid this problem, you must import the IBM public key contained on the SFS into the system keyring before patching. For more information, see Updating a Secure Boot enabled system

• DT252100 | IJ49409: Reference table value incorrectly displayed in the rule responses of the rule wizard when edited
• DT256838: 7.5.0 UP7 IF03 Java change causes Amazon Web Service Log Source Type to stop working

• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attempting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps : Apps might go down during the base image update.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.
• Secure boot: Hosts with EFI firmware and Secure Boot enabled may become unresponsive. To avoid this problem, you must import the IBM public key contained on the SFS into the system keyring before patching. For more information, see Updating a Secure Boot enabled system

• IJ48955: Log file protocol configured to connect with sftp can stop collecting events unexpectedly in 7.5.0 UP7.

• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attempting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps : Apps might go down during the base image update.
• Data Nodes: When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.

• IJ48883: Hostcontext can exceed the default 256MB allocation, leading to out of memory issues on hosts.

• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps : Apps might go down during the base image update.
• Data Nodes: When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.

• IJ46232: QRadar tunnel-monitor service incorrectly attempts to create connections from HA standby appliances.
• IJ48710: QRadar appliances configured with STIG hardening who upgrade to UP7 must remove a file before you reboot and run the harden utility is resolved in 7.5.0 UP7 IF1.

• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps : Apps might go down during the base image update.
• Data Nodes: When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.

• IJ16414: Reports generate with incorrect chart data and column name with some advanced searches (AQL)
• IJ24182: The tzdata DST rules for America/Santiago are out of date and have the incorrect date for switchover to DST.
• IJ29030: Log sources deleted from within log source groups can still appear in the QRadar user interface.
• IJ30347: “There was a problem saving the log source type configuration” after clicking save on the DSM editor page.
• IJ30863: QRadar content pack can cause offenses to be triggered off of source IP instead of custom event property configured in rule.
• IJ35845: Reports can be sent to user addresses in “multiple reports” option when “single report option” is selected.
• IJ35951: Benign error in patches.log file can be observed during or after a QRadar patch or upgrade.
• IJ36270: QRadar patching can fail due to disk space requirements when adequate space is available.
• IJ39393: Routing rule displays a blank page when the install is a software appliance on 7.5.0 UP1.
• IJ39620: Performance issues can occur when QRadar attempts a reload of sensor devices when log sources exceed 2 million.
• IJ39771: Scheduled weekly or monthly reports display “no data for chart” after upgrading to 7.5.0 UP5.
• IJ41206: App install fails during docker build with “an exception occurred while waiting for task to complete” error.
• IJ43426: Sorting by column in the offenses tab removes search filters.
• IJ43432: Tomcat might go out of memory during deployments when the user has millions of log sources.
• IJ43805: System notification displays incorrect message when the tomcat certificate is due to expire.
• IJ43957: Poor scalability in referencedata cache resulting in degrading search performance when using filters and tests.
• IJ44269: Users unable to export license information from QRadar Console GUI.
• IJ44724: QRadar asset creation events can display a generic identity:0 in the created by field for asset profiler events.
• IJ44868: Upgrade can complete and display an error about a custompropertiesscript trying to insert or update a table.
• IJ45396: Offense search can add unexpected filters to the current search parameters after closing an offense.
• IJ45679: Services can experience out of memory issues due to large certificate revocation lists (CLRS).
• IJ45735: Reports tab can display as blank if the template file for a removed user is missing.
• IJ45829: Rule wizard cannot transition to the next page properly when rule response updates a reference table.
• IJ45914: QRadar system anomaly detection engine (ADE) rules can generate extra rules when modified multiple times.
• IJ45926: Anomaly rule enabling “test the [this accumulated property] value of each log source separately” displays application error.
• IJ46116: Offense summary for match count rules does not return all results for the event/flow count field.
• IJ46159: Rule tests with multiple reference set values can display “an error has occurred saving your rule”.
• IJ46184: QFlow collectors and processors in different domains can experience connection issues.
• IJ46231: Upgrading a detached app host appliance fails as the upgrade is waiting on docker and conman services.
• IJ46298: Standby HA appliances can run keystore certificate validator on inactive hosts causing benign log messages.
• IJ46916: Log activity tab can display event ID and category as N/A when the payloads are parsed and mapped correctly.
• IJ46986: Users cannot open the rules wizard from the offenses tab on QRadar 7.5.0 Update Package 6.
• IJ47011: Applications might fail to restart after apphost upgraded from UP5 to UP6.
• IJ47032: Unknown or stored events can route incorrectly to the sim generic log source in QRadar 750 UP4 and later.
• IJ47046: Reference data import fails with numberformatexception due to invalid number converter.
• IJ47049: Risks tab might not load after an upgrade to QRadar 7.5.0 UP6.
• IJ47129: Events can stop processing when pipelinediskmonitor detects the disk spillover threshold is crossed.
• IJ47194: Reports that use the “include date in email subject only” does not behave as expected.
• IJ47404: Ariel processes might not allocate enough memory for memory-heavy operations, causing slower searches.
• IJ47468: Advanced searches (AQL) that use the “in” operator do not use indexes as expected.
• IJ47587: Rule wizard for ADE rules does not preserve the state of the “test separately” check box.
• IJ47623: Completing a pretest with the installer -T command can cause Network Insights forensics issues.
• IJ47894: Scheduled daily reports do not generate on a weekend as expected.
• IJ45775: QRadar cannot log in while the LDAP server is unresponsive, which can lead to tomcat errors.
• IJ46702: PCAP data not stored in ariel or displayed after an upgrade to QRadar 7.5.0 update package 2 or later.
• IJ46928: QRadar applications can get stuck in an error state after an upgrade to 7.5.0 update package 6.
• IJ48422: QFlow services can experience service start or restart issues due to libpcap update for older avx2 processors.
• IJ48423: User management window does not display as expected from the Admin tab when the language preference is non-English

• IMPORTANT: Administrators need to confirm their managed hosts are encrypted before you upgrade to QRadar 7.5.0 Update Package 7 to prevent a known issue with deploys documented as IJ49176/DT247083.
• IMPORTANT: QRadar appliances configured with STIG hardening who upgrade to UP7 must remove a file before you reboot and run the harden utility.
• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps : Apps might go down during the base image update.
• Data Nodes: When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.

• IJ46184: QFlow collectors and processors in different domains can experience connection issues
• IJ47032: Unknown or stored events can route incorrectly to the SIM generic log source in QRadar 7.5.0 UP4 and later
• IJ43957: Poor scalability in referencedata cache resulting in degrading search performance when using filters and tests

• Upgrade: Upgrades to QRadar 7.5.0 UP6 might take an extended amount of time to complete due to glusterfs file cleanup. You must allow the upgrade to continue uninterrupted.
• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps might go down during the base image update.
• When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.

• IJ47468: Advanced searches (AQL) that use the “IN” operator do not use indexes as expected.
• IJ45926: Anomaly rule enabling “Test the [this accumulated property] value of each log source separately” displays application error.
• IJ45829: Rule wizard cannot transition to the next page properly when rule response updates a reference table.
• IJ47587: ADE rule “Test Separately” checkbox setting not preserved when reopening the rule.

• Upgrade: Upgrades to QRadar 7.5.0 UP5 might take an extended amount of time to complete due to glusterfs file cleanup. You must allow the upgrade to continue uninterrupted.
• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps might go down during the base image update.
• When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.

• IJ47049: Risks tab might not load after an upgrade to QRadar 7.5.0 Update Package 6.

• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps might go down during the base image update.
• When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.

Other notices
• Precheck added for postgresql 11 migration.
• Fixing browser certificate warnings. In QRadar 7.5.0 Update Package 5, vault has been replaced by QRadar Certificate Authority (CA) and intermediate CA.
• Upgrading SOAR app might be required.
• You can now add QNI hosts to the Data Synchronization app.

• IJ29153: The /var/log partition can fill up due to the tomcat2.log file not being rotated.
• IJ30091: Editing a managed host in a NAT group generates message “IP for host already exists in deployment”.
• IJ30703: Removing a failed QRadar app upgrade by using extensions management also removes the existing running installation.
• IJ31092: QRadar patching can fail due to a free space check that fails.
• IJ33166: Aggregated searches are showing the wrong flag for some IP addresses.
• IJ34647: Upgrading to QRadar 7.4.3 results in a list of deprecated custom event properties being displayed.
• IJ35016: Overridden identity properties can fail to display as expected in the log activity tab.
• IJ35774: Out of memory for decapper on QRadar Network Insights host can occur in advanced inspection level.
• IJ39771: Scheduled reports can run on raw data causing them to fail or take longer than expected to complete.
• IJ39814: Postgresql uninstalled after hostservices restarts on standby high availability managed host.
• IJ40522: Anomaly issues in 7.5.0 UP2 prevent rules wizard from launching and effects offense creation.
• IJ41830: Truncated NVA configuration file can cause failures on deployed managed hosts.
• IJ42465: Applications can time out or fail to load due to conman-mks secret encryption performance.
• IJ43771: Offense emails might not send when custom properties in the agent-config.xml template use curly quotations.
• IJ43779: High availability setup can fail when primary and secondary IP addresses are too similar.
• IJ44076: After upgrading to 7.5.0, known_hosts keys can be removed unexpectedly causing SSH errors.
• IJ44383: A user custom event property (CEP) can incorrectly display the owner as admin in the user interface.
• IJ44384: Copying a custom property can incorrectly assign the original CEP owner (admin) to a new user.
• IJ44435: QRoC SAASADMIN role unable to list all users associated with an asset.
• IJ44580: QRadar apps fail to start or stop after editing an app host setting to disable encryption.
• IJ44597: Application-related issues might occur due to docker keystore error.
• IJ44637: Domain permission checks can impact performance in the CRE and might send events to store.
• IJ44654: “Exception reading CRE rules” error in rules used in cause and effect tests due to NullPointerException.
• IJ44655: Last 30 days in saved search AQL query is searching for information for 5 years.
• IJ44661: QRadar namevaluepairparser can experience errors when the last value contains pair separator.
• IJ44726: “Top category type” dashboard can cause performance issues, leading to Tomcat (UI) instability.
• IJ45127: Radius authentication fails in 7.5.0 UP4 due to invalid attributes in configuration file.
• IJ45153: QNI suspect content descriptions for cert flows can be “certificate invalid” if message header timestamp is invalid.
• IJ45353: Console configuration changes in deployment actions can cause global rule issues.
• IJ45383: Rule wizard interface refreshes unexpectedly when there is a valid QVM license but no assigned QVM component.
• IJ45452: Daily reports run out of schedule and can ignore the wizards settings.
• IJ45552: Inconsistent JSON custom property parsing for optimized payloads with double backslash characters.
• IJ45660: Rule changes from the console might be rejected by the managed host when IMQ message queue is full.
• IJ45736: QRadar unparsed logs incorrectly go to the consoles SIM generic log source.
• IJ45778: Optimized JSON custom event properties with backslashes parse as N/A in the user interface.
• IJ45878: QRadar upgrades to 7.5.0 Update Package 5 can take an extended amount of time to complete.
• IJ45913: Custom event property definition window displays empty “field type” when creating new CEP.
• IJ46246: File names from SMTP email traffic attachments are not reported in QNI 7.5.0.
• IJ46357: Geographic data rules cause search and event pipeline issues when the location cache exceeds the spillover threshold.
• IJ46418: Tuning changes can slow ecs-ec components resulting in delays and events routing to storage.
• IJ46619: Enabled geographic data indexes can cause performance issues in QRadar 7.5.0 UP5.

• CVE-2020-35491, CVE-2018-7489, CVE-2020-35490, CVE-2020-36518, CVE-2020-11971, CVE-2020-13955, CVE-2022-39135.
• CVE-2023-26276.
• CVE-2023-26273.
• CVE-2023-26274.
• CVE-2022-34352.

• Upgrade: QRadar Risk Manager Risks tab might not load after an upgrade to QRadar 7.5.0 Update Package 6.
• Upgrade: Upgrades to QRadar 7.5.0 UP6 might take longer to complete due to glusterfs file cleanup
• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps : Apps might go down during the base image update.
• Data Nodes: When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• Upgrade: If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.

• IJ45736: QRadar unparsed logs incorrectly go to the consoles SIM generic log source.
• IJ46357: Geographic data rules cause search and event pipeline issues when the location cache exceeds the spillover threshold.
• IJ46418: Tuning changes can slow ecs-ec components resulting in delays and events routing to storage.
• IJ46619: Enabled geographic data indexes can cause performance issues in QRadar 7.5.0 UP5

• Upgrade: Upgrades to QRadar 7.5.0 UP5 might take an extended amount of time to complete due to glusterfs file cleanup. You must allow the upgrade to continue uninterrupted.
• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Auto update: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• Apps: Before you upgrade, confirm your ftype configuration for Docker services.
• Apps might go down during the base image update.
• When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support. For more information, see IJ44385.

• IJ29512: High Availability (HA) restore process allows a primary to be rebuilt as a secondary 500 appliance
• IJ43705: QRadar.jsp call to licensekeymanager.arelicensesvalid() causes a delay on login for customers having multiple managed hosts
• IJ43767: Users patching from QRadar 7.3.2 or 7.4.3 to QRadar 7.5.0 might experience longer patch times than expected
• IJ44257: Reference data API source response does not reflect the requested API source value
• IJ44481: Use case manager exports fail while session was in an open transaction state
• IJ45191: Offense summary page event/flow count field does not match the event count in log activity

Note: These issues were closed in 7.5.0 Upgrade Pack 5 and backported to 7.4.3 Fix Pack 9.

• WinCollect: WinCollect 7.x managed agents must upgrade to WinCollect 7.3.1-28 to resolve APAR IJ45285 where new agents or configuration changes cannot be applied without the new version.
• Apps: A flash notice exists for this issue that impacts Docker services. Users must confirm ftype configuration before you upgrade.
• Auto updates: Verify your auto update version after you upgrade as some users reported the version can be reverted to a version prior to 9.16 (latest), leading to auto update problems.
• App Host cannot commnicate to Console when connection is firewalled.
• Apps might go down during base image.
• When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.
• Kernel crash can affect UEFI systems in QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2. If you are planning to upgrade from any version of QRadar 7.4.2 Fix Pack 2 through to QRadar 7.4.3 Fix Pack 2, contact support or see IJ44385.

Other notices
• Precheck added for postgresql 11 migration.
• Fixing browser certificate warnings. In QRadar 7.5.0 Update Package 5, vault has been replaced by QRadar Certificate Authority (CA) and intermediate CA.
• Upgrading SOAR app might be required.
• You can now add QNI hosts to the Data Synchronization app.

• IJ44481: USE CASE MANAGER EXPORTS FAIL WHILE SESSION WAS IN AN OPEN TRANSACTION STATE
• IJ44535: APPLICATIONS MIGHT FAIL TO INSTALL BECAUSE THE APPLICATION START TIME EXCEED 500 SECONDS
• IJ45191: OFFENSE SUMMARY PAGE EVENT/FLOW COUNT FIELD DOES NOT MATCH THE EVENT COUNT IN LOG ACTIVITY

• Important: A flash notice exists for this issue that impacts Docker services. Users must confirm ftype configuration before you upgrade.
• Important: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• App Host cannot commnicate to Console when connection is firewalled.
• Apps might go down during base image.
• When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.

Known issues
• Precheck added for postgresql 11 migration.
• New certificate files to fix browser security warning.
• Upgrading SOAR app might be required.
• Adding QNI hosts to the Data Synchronization app.

• IJ41613: TIMEZONE CANNOT BE CHANGED FROM UI AND SYSTEM TIME SETTINGS UI TAB MIGHT FAIL TO LOAD
• IJ41234: DEPLOY CHANGES CAN ERROR OUT IF THE SERVER TABLE HAS A NON FULLY QUALIFIED DOMAIN NAME
• IJ29592: ‘APPLICATION ERROR’ OCCURS AFTER AN EXTENDED PERIOD OF TIME WHEN ATTEMPTING TO LOAD THE OFFENSE PAGE
• IJ29374: OFFENSE RULE USING ‘AND WHEN THE DESTINATION LIST INCLUDES ANY OF THE FOLLOWING A.B.C.D/E’ TEST WITH PUBLIC IP DOES NOT TRIGGER
• IJ39549: QRADAR RISK MANAGER: /QRM/SRM_UPDATE_1138.SQL CAN CAUSE 7.5.0 UP1 UPGRADE TO FAIL ON HOSTS WHERE REQUIRED INDEX DOESN’T EXIST
• IJ39256: BIND CREDENTIAL FOR LDAP REPOS CLEARS IF SAVED WITHOUT SUCCESSFUL CONNECTION TEST

Note: These issues were closed in 7.5.0 Upgrade Pack 4 and backported to 7.4.3 Fix Pack 8.

• IBM QRADAR SIEM INCLUDES MULTIPLE COMPONENTS WITH KNOWN VULNERABILITIES
• IBM QRADAR SIEM IS VULNERABLE TO INFORMATION EXPOSURE (CVE-2022-34351)
• IBM QRADAR SIEM IS VULNERABLE TO POSSIBLE INFORMATION DISCLOSURE (CVE-2023-22875)

• ErrorStream log messages (IJ33650)
• Kernel crash can affect UEFI systems in 7.4.2 FP2 to 7.4.3 FP2 and might require support assistance (IJ44385)

• IBM QRADAR SIEM INCLUDES MULTIPLE COMPONENTS WITH KNOWN VULNERABILITIES
• IBM QRADAR SIEM IS VULNERABLE TO INFORMATION EXPOSURE (CVE-2022-34351)

• Important: Flash Notice: After upgrading to 7.5.0 UP4, WinCollect 7.x agents can experience management or configuration change errors (IJ45284)
• Important: Flash Notice: Before upgrading users must confirm ftype configuration to prevent a potential Docker service issue.
• Important: Use UpdateConfs.pl -v to confirm your auto update version after you upgrade as it is possible to revert to a previous AU version and experience errors when attmpting to update.
• App Host cannot commnicate to Console when connection is firewalled.
• Apps might go down during base image.
• When adding a Data Node to a cluster, they must either all be encrypted, or all be unencrypted. You cannot add both encrypted and unencrypted Data Nodes to the same cluster.

Known issues
• Precheck added for postgresql 11 migration.
• New certificate files to fix browser security warning.
• Upgrading SOAR app might be required.
• Adding QNI hosts to the Data Synchronization app.

• Important: A flash notice exists for this issue that impacts Docker services as APAR IJ41796. Users must confirm ftype configuration before you upgrade.
• An upgrade precheck added for postgresql 11 migration to confirm disk space.
• New certificate files to fix browser security warning.
• Upgrading SOAR app might be required.
• Adding QNI hosts to the Data Synchronization app.

Known issues
• App Host cannot commnicate to Console when connection is firewalled.
• Apps might go down during base image.

• Important: A flash notice exists for this issue that impacts Docker services as APAR IJ41796. Users must confirm ftype configuration before you upgrade.
• An upgrade precheck added for postgresql 11 migration to confirm disk space.
• New certificate files to fix browser security warning.
• Upgrading SOAR app might be required.
• Adding QNI hosts to the Data Synchronization app.

Known issues
• App Host cannot commnicate to Console when connection is firewalled.
• Apps might go down during base image.

• Important: A flash notice exists for this issue that impacts Docker services. Users must confirm ftype configuration before you upgrade.
• Precheck added for postgresql 11 migration.
• New certificate files to fix browser security warning.
• Upgrading SOAR app might be required.
• Adding QNI hosts to the Data Synchronization app.

Known issues
• App Host cannot commnicate to Console when connection is firewalled.
• Apps might go down during base image.

• Important: A flash notice exists for this issue that impacts Docker services. Users must confirm ftype configuration before you upgrade.
• Precheck added for postgresql 11 migration.
• New certificate files to fix browser security warning.
• Upgrading SOAR app might be required.
• Adding QNI hosts to the Data Synchronization app.

Known issues
• App Host cannot commnicate to Console when connection is firewalled.
• Apps might go down during base image.

• Precheck added for postgresql 11 migration.
• New certificate files to fix browser security warning.
• Upgrading SOAR app might be required.
• Adding QNI hosts to the Data Synchronization app.

Known issues
• App Host cannot commnicate to Console when connection is firewalled.
• Apps might go down during base image.

• QRadar 7.3.3 Fix Pack 11 runs on Red Hat® Enterprise Linux® version 7.9.
• QIF deployments must upgrade to QRadar 7.3.1 or later.
• The Offenses API is updated to include two new fields: first_persisted_time & last_persisted_time.
• Active Directory module changes.

• Precheck added for postgresql 11 migration.
• New certificate files to fix browser security warning.
• Upgrading SOAR app might be required.
• Adding QNI hosts to the Data Synchronization app.

Known issues
• App Host cannot commnicate to Console when connection is firewalled.
• Apps might go down during base image.

This is a icon-only