000029068 - Reporting Engine data sources can be added with invalid credentials in RSA Security Analytics 10.4

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000029068
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Reporting Engine
RSA Version/Condition: 10.4.0.0, 10.4.0.1
IssueWhen adding data sources to the Reporting Engine, the devices appear to be added successfully even when invalid credentials are used.
However, when attempting to run or test a rule that utilizes the data source, error messages similar to these below are displayed in the Security Analytics UI:
Error message from the Security Analytics UI.

Note also the following:
1.  the "Test Rule"  dialog box in the Security Analytics UI will also display a message similar to the following:  Schema fetched from data source was null for data source=SA - Broker
2. The /home/rsasoc/rsa/soc/reporting-engine/logs/reporting-engine.log file on the Security Analytics server will report an error similar to the example below"
2014-11-14 19:23:33,013 [Reporting Status Polling 1389004080] ERROR com.rsa.smc.sa.reporter.jobs.ReporterChartPollingTask - Action is not authorized on resource
com.rsa.smc.sa.reporter.exception.ReporterSecurityException: Action is not authorized on resource
CauseThis issue occurs due to a known issue in versions 10.4.0.0 and 10.4.0.1 wherein the credentials for Reporting Engine data sources are not validated when they are entered.
ResolutionThis issue has been resolved in RSA Security Analytics 10.4.0.2.  To obtain this patch, please visit https://knowledge.rsasecurity.com.

Attachments

    Outcomes