|Applies To||RSA Security Analytics|
RSA Security Analytics 10.3
RSA Security Analytics Event Stream Analysis
|Issue||How to delete all alerts on an RSA Security Analytics ESA appliance similar to performing a data reset on a core appliance.|
Is it possible to do a data rest on my Event Stream Analysis (ESA) appliance in Security Analytics?
How can I quickly remove all alerts on my ESA device?
Although a data reset cannot be performed on an ESA appliance as with the core appliances (i.e. decoder, concentrator, broker, etc.), the ESA appliance stores all of its alerts in a local PostgreSQL database, with the tables containing the alerts being stored in the following format: alertYYYYMMDD.
To drop the tables that contain the alerts, follow the steps below.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
See the screenshot below for an example of the alert removal procedure on an ESA appliance.
|Legacy Article ID||a66531|