000032966 - ESA deployment shows "unknown error" and deleted rule still triggers alerts in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032966
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server, Event Stream Analysis.
RSA Version/Condition: 10.5.1.0
 
IssueIf an ESA rule is deleted, that rule still stays in the Alerts->Configure->Services page as enabled which leads to the below 'Unknown error' while deploying changes to ESA service.
User-added image
CauseThis is due to additional unused ESA deployment services under ESA Deployments tab.
ResolutionPlease follow below steps to resolve this issue.
  1. Login to SA GUI as admin.
  2. Navigate to Alerts->Configure->Deployments.
  3. Delete additional ESA Deployments which are unused.
  4. Verify "Deploy Now" will not show any error when changes deployed.

Attachments

    Outcomes