Check /opt/qradar/conf/nva.conf and see if the CONSOLE_FQDN field is actually reflecting the true host name.
If not, use the /opt/qradar/bin/qchange_netsetup utility to change the host name. Make sure you save the passwords and IPs of the removed MHs,
Because you need to re-add the MHs after the script finishes.
https://www.ibm.com/docs/en/qsip/7.4?topic=nsm-changing-network-settings-in-all-in-one-system
Detection Pitfalls You Might Be Sleeping On
Practical Cyber Deception — Introduction to “Chaotic Good”
“Invoke-Shadow” — Applying Jungian Psychology to Detection Engineering
My 2025 Detection Philosophy and the Pursuit of Immutable Artifacts
Immutable Artifacts — Enabling RDP Connections
Detecting WiFi dumping via direct WinAPI calls and introduction to “Immutable Artifacts”
Detection of “Evil-WinRM”
Detection of “PSExec.py”
Detection of “EDRSilencer”
My 2nd Udemy course “Detection-as-Code in IBM QRadar” is live. Grab it for free for a limited time!
Detection knowledge repository – by Daniel Koifman