|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Incident Management, Security Analytics Server
RSA Version/Condition: 10.4.x, 10.5.x
Platform (Other): MongoDB
O/S Version: EL6
|Issue||After configuring MongoDB for the Incident Management module in Security Analytics, it is necessary for the user to manually restart the rsa-im service for the change to take effect.|
If the service is not restarted, the alert pipeline will function, as will the Incident Management module in the UI, but the rule engine will not execute.
|Cause||The rule engine will not function properly without restarting the rsa-im service because reference data such as categories and default rules will not be loaded. The indexes will also not be created.|
|Workaround||In order to allow the Incident Management to be fully functional, connect to the Security Analytics server appliance and restart the rsa-im service manually as shown below.|
[root@SA-Server ~]# service rsa-im restart
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.