Article Content
Article Number | 000029189 |
Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: Security Analytics UI |
Issue | When trying to reconstruct a session of greater than 100 packets in the Investigation module, an error similar to the following is displayed: This event contains <a number of packets greater than 100>. In order to reconstruct the event the number of packets processed is being limited to 100. |
Cause | Packets are set to 100 by default in the UI in Reconstruction Settings. Both the number of packets and the size of the packets in Investigator reconstruction may be increased, but should be done sparingly, as increasing this parameter may have adverse performance implications (as noted in the UI for the setting). |
Resolution | To make the change, follow the steps below.
|