|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics UI
RSA Version/Condition: 10.4.1.0
|Issue||Investigations performed against a Core Service by a User with Query Prefix result in accurate meta values, but inappropriate graphical representation. The graphical representation displays event count for all events collected by respective Service over the set duration without considering the Query_Prefix set at User level. |
As shown in the example below, when a user's Query_Prefix set to domain.dst='msn.com', the meta values displayed are accurate, but the graphical representation displays event count for all events collected by the Service.
|Cause||This is identified as a flaw in 10.4 version, and is expected to be fixed in a future release of 10.5.X.|
|Resolution||Please see the workaround section for how to manage the issue until binary relief is included in a future release of Security Analytics.|
|Workaround||The behavior described is observed upon initiating the Investigation session itself. The issue can be worked around by clicking on various meta values or drill downs on the current page. Upon this action, the page will display accurate values in graphical representation.|
If you are unsure of any of the steps above, or wish to inquire if the fix is available yet, please contact RSA Technical Support, and quote this article number for further assistance.