000029032 - The user.dst meta key is being populated with random data in RSA Security Analytics 10.3.3

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000029032
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Concentrator
RSA Version/Condition: 10.3.3
IssueThe Destination User Account (user.dst) meta key displays incorrect results for the Cisco ASA (ciscoasa) event source in RSA Security Analytics, as shown in the screenshot below.
Example of the incorrect results in the user.dst meta key.
ResolutionA fix for this issue is slated to be included in the Event Source Update (ESU) #75 release, scheduled to be released in the RSA Live update feed during the first week of December, 2014.
The update is slated to be automatically pushed at that time to all Security Analytics environments that subscribe to the Cisco ASA event source.
The Cisco ASA event source in RSA Live.
It can also be applied once the ESU is released by removing and redeploying the event source in question.