000030821 - New ESA rule deployment may cause disabled rules to become enabled in RSA Security Analytics and

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000030821
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA), Security Analytics UI
RSA Version/Condition:,
Platform: CentOS
O/S Version: EL6
Issue: When a new ESA rule is deployed, it may be observed that disabled rules are also inadvertently deployed.
Resolution: This issue is permanently resolved in Security Analytics
Workaround: Review all ESA rules directly after the deployment of new rules.
If any disabled rules are found enabled that should not be, disable them again.
Alternatively, review ESA rules and delete any disabled rules if they are no longer required.