000033049 - Out-of-the-box Aggregation Rules in Incident Management are duplicated after upgrading to RSA Security Analytics 10.6

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033049
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Incident Management
RSA Version/Condition: 10.6.x
Platform: CentOS
O/S Version: EL6
IssueAfter updating to Security Analytics 10.6, there are two sets of the same out-of-the-box aggregation rules for Incident Management. This can lead to ambiguity if you enable both sets of these rules.
User-added image
WorkaroundWhen enabling rules, be careful not to enable duplicate out-of-the-box Incident Management aggregation rules.