000034032 - How To Set the Maximum Number of Alerts or Events Sent Through the RSA Unified Collector Framework in RSA Archer

Document created by RSA Customer Support Employee on Sep 19, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000034032
Applies To: RSA Product Set: Security Management
RSA Product/Service Type: SecOps, Archer
RSA Version/Condition: 1.2 and 1.3
Issue: By default, the UCF sends all the alerts associated with an incident and all the events associated with an alert into the RSA Archer Security Operations Management solution. If this is more data than you need, you can set limits on the number of alerts or events sent.
Resolution:
  1. Stop the UCF, as follows:
    1. Click Control Panel > Administrative Tools > Services.
    2. Select RSA Unified Collector Framework.
    3. Click Stop.
  2. Open the <ucf_install_dir>\config\collector-config.properties file.
  3. Do one or both of the following:
    1. In the sa.alertsInIncident property, enter a valid integer. To allow all alerts, enter a value of 0.
    2. In the sa.eventsInAlert property, enter a valid integer. To allow all events, enter a value of 0.
  4. Save the <ucf_install_dir>\config\collector-config.properties file.
  5. Start the UCF, as follows:
    1. Click Control Panel > Administrative Tools > Services.
    2. Select RSA Unified Collector Framework.
    3. Click Start.
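
The same five steps as a PowerShell script, for administrators who prefer a repeatable change with a backup of the file. This is an added example, not RSA-supplied code; the parameter names, the `.bak` backup copy and the non-negative range check are assumptions made here, and the UCF install directory must be passed in.

```powershell
# Added example: scripted form of steps 1-5 (not RSA-supplied code).
# Run from an elevated session; service control needs administrator rights.
param(
    # Assumption: the caller supplies the real UCF install directory.
    [Parameter(Mandatory)] [string] $UcfInstallDir,
    # Assumption: limits are non-negative. The article only says "a valid integer", with 0 = send all.
    [ValidateRange(0, 2147483647)] [int] $AlertsInIncident,
    [ValidateRange(0, 2147483647)] [int] $EventsInAlert
)
$ErrorActionPreference = 'Stop'

$serviceName = 'RSA Unified Collector Framework'   # display name shown in Services
$configPath  = Join-Path $UcfInstallDir 'config\collector-config.properties'
$latin1      = [System.Text.Encoding]::GetEncoding('iso-8859-1')   # Java .properties encoding

# Step 3 is "one or both": only touch the properties the caller actually passed.
$updates = @{}
if ($PSBoundParameters.ContainsKey('AlertsInIncident')) { $updates['sa.alertsInIncident'] = $AlertsInIncident }
if ($PSBoundParameters.ContainsKey('EventsInAlert'))    { $updates['sa.eventsInAlert']    = $EventsInAlert }
if ($updates.Count -eq 0) { throw 'Specify -AlertsInIncident, -EventsInAlert, or both.' }

Stop-Service -DisplayName $serviceName                      # step 1
try {
    Copy-Item $configPath "$configPath.bak" -Force          # keep the previous file for rollback
    $lines = [System.IO.File]::ReadAllLines($configPath, $latin1)   # step 2

    foreach ($key in $updates.Keys) {                       # step 3
        $pattern = '^\s*' + [regex]::Escape($key) + '\s*[=:]'
        $newLine = "$key=$($updates[$key])"
        $found   = $false
        # Replace the existing (uncommented) assignment; every other line is kept unchanged.
        $lines = @(foreach ($line in $lines) {
            if ($line -match $pattern) { $found = $true; $newLine } else { $line }
        })
        # If the property is absent or commented out, append it.
        if (-not $found) { $lines += $newLine }
    }

    [System.IO.File]::WriteAllLines($configPath, [string[]]$lines, $latin1)   # step 4
}
finally {
    Start-Service -DisplayName $serviceName                 # step 5, also runs if the edit failed
}
```

Lowering either limit reduces what reaches Archer, so compare the new values against what analysts need for triage before applying them.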
