diff --git a/packages/ibm_qradar/_dev/deploy/docker/files/config.yml b/packages/ibm_qradar/_dev/deploy/docker/files/config.yml
index b47ded11814..8f5ea2f08cc 100644
--- a/packages/ibm_qradar/_dev/deploy/docker/files/config.yml
+++ b/packages/ibm_qradar/_dev/deploy/docker/files/config.yml
@@ -23,6 +23,10 @@ rules:
 {
 "id": 100408,
 "type": "CRE_RULE"
+ },
+ {
+ "id": 187061,
+ "type": "CRE_RULE"
 }
 ],
 "event_count": 1,
diff --git a/packages/ibm_qradar/changelog.yml b/packages/ibm_qradar/changelog.yml
index bcafa1b0c37..400944ec862 100644
--- a/packages/ibm_qradar/changelog.yml
+++ b/packages/ibm_qradar/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.1"
+ changes:
+ - description: Handle offense rules not present in the rules dictionary during enrichment.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/19444
 - version: "1.1.0"
 changes:
 - description: Use new `release` field for agentless deployment mode to establish as beta.
diff --git a/packages/ibm_qradar/data_stream/offense/agent/stream/cel.yml.hbs b/packages/ibm_qradar/data_stream/offense/agent/stream/cel.yml.hbs
index c73a6227dd3..58da908a8d2 100644
--- a/packages/ibm_qradar/data_stream/offense/agent/stream/cel.yml.hbs
+++ b/packages/ibm_qradar/data_stream/offense/agent/stream/cel.yml.hbs
@@ -117,10 +117,13 @@ program: |
 "message": offense.with({
 ?"rules": (has(offense.rules) && offense.rules != null) ? optional.of(offense.rules.map(rule,
- state.rules_dict[string(rule.id)].with({
- "rule_type": state.rules_dict[string(rule.id)].type,
- "type": rule.type
- })
+ rule.id in state.rules_dict ?
+ state.rules_dict[rule.id].with({
+ "rule_type": state.rules_dict[rule.id].type,
+ "type": rule.type
+ })
+ :
+ {"id": rule.id, "type": rule.type}
 ))
 : optional.none()
diff --git a/packages/ibm_qradar/manifest.yml b/packages/ibm_qradar/manifest.yml
index 2f4834d23c3..1adebf34474 100644
--- a/packages/ibm_qradar/manifest.yml
+++ b/packages/ibm_qradar/manifest.yml
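Review bot: The membership test and both lookups in the cel.yml.hbs hunk now index `state.rules_dict` with the raw `rule.id`, where the removed lines used `string(rule.id)`; if the dictionary is keyed by string ids (as the old code implies) and `rule.id` arrives as a number in the offense JSON, `rule.id in state.rules_dict` is false (or an error) for every rule and each offense silently takes the new `{"id": rule.id, "type": rule.type}` fallback, so the `rule_type` enrichment disappears with nothing to flag it. Unless `rules_dict` is built with numeric keys (its construction is outside this hunk and this diff), keep the conversion on all three lines: `string(rule.id) in state.rules_dict ?`, `state.rules_dict[string(rule.id)].with({`, `"rule_type": state.rules_dict[string(rule.id)].type,`. A one-line comment above the ternary, such as `// rules missing from rules_dict keep their raw id/type instead of failing the whole offense`, would record why the fallback exists. The config.yml hunk appears to add a second rule id to the mock offense, presumably one absent from the mock rules dictionary, so the pipeline test should make the key-type question observable rather than leaving it to production data. The enclosing `program: |` block starts and ends outside the hunk.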
@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: ibm_qradar
 title: IBM QRadar
-version: 1.1.0
+version: 1.1.1
 description: Collect logs from IBM QRadar with Elastic Agent.
 type: integration
 categories: