000030830 - Event Stream Analysis forwarding rule is not deployed (cross-site correlation rules only) in RSA Security Analytics 10.5.0.1 and 10.5.0.2

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000030830

Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.5.0.1, 10.5.0.2
Platform: CentOS
O/S Version: EL6

Issue:
When an advanced rule is added to a cross-site deployment before its forwarding rule is specified, the forwarding rule is not deployed.
This will always be the case the first time a particular advanced rule is added to a cross-site deployment, because the forwarding rule can only be entered after the rule is added to the deployment.

Resolution:
This issue will be permanently resolved in Security Analytics versions 10.5.1 and 10.6.

Workaround:
After adding the forwarding rule, and before pressing the deploy button, remove the advanced rule from the deployment and then re-add it.
When the rule is added to the deployment the second time, it already has a forwarding rule, so the forwarding rule is added to the deployment group along with it.
