000030359 - Synchronization / Deployment fails for the ESA rule “No Log Traffic detected from device in given time frame” deployed from Live in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000030359

Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Live, Event Stream Analysis (ESA)
RSA Version/Condition: 10.4.x, 10.5.x
Platform: CentOS
O/S Version: EL6

Issue:
Synchronization (referred to as Deployment in 10.5.x and above) fails for rule “No Log Traffic detected from device in given time frame” deployed from Live.
The issue is observed when a system is upgraded from versions prior to 10.4 where the rules were deployed from Live with incorrect Module IDs. 
This issue is not observed if the rules are deployed from Live on a 10.4.x environment and the synchronization is performed.

Workaround:
To resolve the issue, delete the rules with incorrect Module IDs and redeploy the rules from Live.
