000033978 - Alerting Issue in UI in RSA Web Threat Detection 5.1.0.7 Custom Key

Document created by RSA Customer Support Employee on Dec 12, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000033978

Applies To:
RSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.1, 5.2, 6.0

Issue: WTD 5.1.0.7 Custom Key, Alerting Issue

Additional Project Description/Summary:
 When setting up a custom key and using that key as the Alert Key in a rule, the system does not flag the alert in the UI. We have tested alerting to email, and the email arrives (telling us that the alert triggered), but there is still no alert visible in the UI. Thus, this appears to be a UI-only issue, where alerts triggered against custom keys do not appear.  
As stated above, this rule sends out emails when it alerts, proving that it indeed triggers as expected, but the alert never shows in the UI.  
Resolution: An issue was presented to Engineering (in WTD 4992):
"Alerts listing and the Current Real Time Alerts list will only show alerts keyed against "ip, page, and user". By default there are 8 total keys to select from in the rule creation page under the "Alert Key" drop down list."
This is now fixed in WTD version 6.1, which is scheduled to be released in October 2016.

What was fixed --
"Remove filtering on JavaScript code that filters all keys except for ip, user and page.
All keys are now supported."

Tested the fix --
"creating a RT rule and setting alert keys as: user_ip & user_page & ip_page & agent
when rule is triggered, all keys displayed in the alerts section"
