|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Decoder, Log Decoder, Concentrator, Security Analytics UI
RSA Version/Condition: 10.6.x
O/S Version: EL6
|Issue|| After updating to Security Analytics 10.6.0.0, correlation rules written in deprecated syntax can cause Decoders or Concentrators to start in a failed state. Rules that match the strict formatting do not cause this issue.|
|Workaround||To allow the aggregation on the Concentrator to start, change the correlation rules with deprecated syntax to use strict format syntax.|
You can check your correlation rules with the steps below.
After you fix all of the correlation rules for the appliance, restart the service.