|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.5.0.1, 10.5.0.2
O/S Version: EL6
|Issue||When an advanced rule is added to a cross-site deployment before its forwarding rule is specified, the forwarding rule is not deployed. |
This will always be the case the first time a particular advanced rule is added to a cross-site deployment because the forwarding rule can only be entered after the rule is added to the deployment.
|Resolution||This issue will be permanently resolved in Security Analytics versions 10.5.1 and 10.6.|
|Workaround||Before pressing the deploy button, and after adding the forwarding rule, remove and then re-add the advanced rule from the deployment. |
When the rule is added to the deployment the second time, it has a forwarding rule, and it too is added to the deployment group.