Apparently QRadar is clearing out the event tables on the IPS before they can be pulled by the IME software. This is causing the reporting from the IPS unit "not to report" most events that are being blocked. What ill effects would hooking up a SIM have on the IPS itself? Additionally, do you have any suggestions to try to work around this issue so that we can still feed IPS logs into our QRadar box? Thanks.