RSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector, Security Analytics UI
RSA Version/Condition: 10.5.x, 10.6.0.0
Platform (Other): Amazon Web Services (AWS) CloudTrail
O/S Version: EL6
|Issue||When the transform file is not present for an Amazon Web Service (AWS) CloudTrail collection in the required directory (/etc/netwitness/ng/logcollection/content/transform/cmdscript) on the Log Collector, the Security Analytics UI displays the following error message:|
Error: could not find supported file type in file /etc/netwitness/ng/logcollection/content/collection/cmdscript/cloudtrail_transform.xml
|Resolution||This issue is currently being investigated by the Engineering team in order to resolve it in a future release.|
|Workaround||To resolve the issue, verify that the /etc/netwitness/ng/logcollection/content/transform/cmdscript/cloudtrail_transform.xml is indeed missing.|
If it is, deploy the Log Collector content for the AWS collection from the Live -> Search page in the Security Analytics UI, as shown below.
If the file is present but the error is logging, then it can be safely ignored.