000030588 - Unable to delete an event source monitoring threshold for a policy in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030588
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Event Source Monitoring
RSA Version/Condition:
Platform: CentOS
O/S Version: EL6
IssueOn the Administration -> Event Source -> Monitoring page in the Security Analytics UI, if any policy has rule or threshold added to it once then it is not possible to delete that rule.
Attempting to delete the rule displays the following error:  The threshold values cannot be unset, If you want to disable the policy, please uncheck the Enable checkbox.
User-added image
ResolutionThis issue has been resolved in Security Analytics
WorkaroundAs a workaround for the issue, disable the policy or set both the low and high thresholds to 0 events in 5 minutes (5 minutes is the minimum duration for thresholds).