|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Log Decoder
RSA Version/Condition: 10.5.0.0
O/S Version: EL6
|Issue||Adding many Event Sources that have the same Device Type to one or more groups results in increased CPU utilization on Log Decoders when events of that device type are received.|
|Resolution||This issue is resolved in Security Analytics 10.5.0.1.|
|Workaround||To avoid this issue, do not create many large groups that include a large number of the same Event Source type. |
The sum of the event sources across groups should be limited to 150,000 when viewed in the Administration -> Event Sources -> Manage tab.