Article Number | 000030625 |
Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: SA Malware Analysis RSA Version/Condition: 10.x Platform: CentOS O/S Version: 6 |
Issue | SA Malware Analysis is not processing any events on continuous scan mode. Looking at the spectrum.log, it is showing that no events are being submitted to be processed. It was verified on Investigator that spectrum.analize present, but did not find the spectrum.consume and spectrum.consume11. Issue is the two required App Rules are not deployed on the decoders. These App Rules determine which sessions/events are to be submitted to the Malware Analysis for processing. |
Resolution | On Security Analytics head GUI, go to Live > Search, then put in Tag: malware analysis, click Search. Then subscribe and deploy all resources found to the packet decoders. Please see below screenshot (also attached) of Live search using Malware Analysis as tag:
 |