Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000032966 - ESA deployment shows "unknown error" and deleted rule still triggers alerts in RSA Security Analytics

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support on May 3, 2019

Version 4Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000032966
Applies To	RSA Product Set: NetWitness Logs & Packets RSA Product/Service Type: SA Security Analytics Server, Event Stream Analysis. RSA Version/Condition: 10.5.1, 10.5.2, 10.5.3, 10.6.x Platform: CentOS O/S Version: EL6
Issue	If an ESA rule is deleted, that rule still stays in the Alerts->Configure->Services page as enabled which leads to the below 'Unknown error' while deploying changes to ESA service.
Cause	This is due to additional unused ESA deployment services under ESA Deployments tab.
Resolution	Please follow the below steps to resolve this issue. Login to SA GUI as admin. Navigate to Alerts->Configure->Deployments. Delete additional ESA Deployments which are unused. Verify "Deploy Now" will not show any error when changes deployed.

Attachments

Outcomes

0 Comments

Recommended Content