|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Event Stream Analysis
RSA Version/Condition: 10.6.X.X
|Issue||In some circumstances, the ESA service stops or the ESA trail rules become disabled due to high memory utilization of the ESA rule.|
|Tasks||The ESA rules utilizing more memory would cause ESA service stability problems and disable trail rules.|
|Resolution|| Please use the steps below to identify which ESA rule(s) are utilizing more memory.|
8. Verify the Value column to see the high memory utilization details. The Corresponding Rule name can be found in the Subitem column.
9. Disable the rule in ESA by navigating to Alerts > Configure page to make ESA service stable.