Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000032502 - RSA Security Analytics Event Stream Analysis (ESA) Trial rules

Document created by RSA Customer Support

on Jun 30, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000032502
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: Event Stream Analysis, Security Analytics UI RSA Version/Condition: 10.5.x
Issue	While configuring a new rule, it is suggested to mark it as Trial rule for a while to assess its effectiveness and stability.
Resolution	When we configure a rule as trial rule, ESA does the following: ESA periodically checks memory utilization If memory utilization exceeds the threshold, all rules marked as trial will get disabled Threshold values - Memory Utilization 85% / Check Interval 300 seconds These prevents any bad/misconfigured rules from crashing the ESA service
Notes	The above settings can be changed from : ESA Explore View -> CEP -> Module -> Configuration The parameters are MemoryThresholdForTrialRules (Default Value 85) MemoryCheckPeriod (Default Value 300)

Attachments

Outcomes

0 Comments

Recommended Content