000030625 - RSA Security Analytics Malware Analysis does not scan any files

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5

Article Content

Article Number: 000030625
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Malware Analysis
RSA Version/Condition: 10.x
Platform: CentOS
O/S Version: 6
Issue: SA Malware Analysis is not processing any events in continuous scan mode. The spectrum.log shows that no events are being submitted for processing.
It was verified in Investigator that spectrum.analize is present, but spectrum.consume and spectrum.consume11 were not found.
The cause is that the two required App Rules are not deployed on the decoders. These App Rules determine which sessions/events are submitted to Malware Analysis for processing.
Resolution: On the Security Analytics head GUI, go to Live > Search, enter Tag: malware analysis, and click Search.
Then subscribe to all of the resources found and deploy them to the packet decoders.
[Screenshot (also attached): Live search using Malware Analysis as tag]