|Applies To||RSA Product Set: Security Management|
RSA Product/Service Type: SecOps
RSA Version/Condition: 1.X
|Issue||Aggregation of Security Alerts to Security Incidents stops functioning. Each Security Incident created only has 1 Security Alert and 1 Security Event.|
|Cause||Incident Status field Values List in the Security Incident application was customized. A calculation was added to make the default value something other than "New."|
SecOps solution is designed to continue to aggregate Alerts to Incidents as long as the Incident is in a "New" status. If the Incident is no longer in a "New" status this triggers a new Security Incident to be created.
|Resolution||Ensure that the default value of the Incident Status field is always "New".|