|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics UI, Broker, Log/Packet Concentrator, Log/Packet Decoder, Archiver, Event Stream Analysis (ESA), Remote Log Collector
RSA Version/Condition: 10.5.0.0
O/S Version: EL6
|Issue||Security Analytics shows a false host down status when there are a large number of events (35,000 events or more) queued up in the Rabbit MQ queue. Security Analytics looks for larger than normal time gaps in update statistics from each host. When a larger than normal gap is detected for a host, this triggers the Health & Wellness Host Unreachable alarm as defined in the SA Host Monitoring Policy.|
A false positive condition can occur when the number of statistical messages in the message queue backs up and are unable to be processed in real time. If this occurs, the Host Unreachable alarm can trigger for all hosts.
|Resolution||This issue has been permanently resolved in Security Analytics 10.5.0.1.|