|Applies To||RSA Product Set: Web Threat Detection|
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.1, 5.2,6.0
|Issue|| WTD 126.96.36.199 Custom Key, Alerting Issue Additional Project Description/Summary:|
When setting up a custom key and using that key as the Alert Key in a rule, the system does not flag the alert in the UI. We have tested alerting to email, and the email arrives (telling us that the alert triggered), but there is still no alert visible in the UI. Thus, this appears to be a UI-only issue, where alerts triggered against custom keys do not appear.
As stated above, this rule sends out emails when it alerts, proving that it indeed triggers as expected, but the alert never shows in the UI.
|Resolution||An issue was presented to Engineering -- (in WTD 4992)|
"Alerts listing and the Current Real Time Alerts list will only show alerts keyed against "ip, page, and user". By default there are 8 total keys to select from in the rule creation page under the "Alert Key" drop down list."
This is now fixed in version WTD 6.1 that is scheduled to be released in October 2016.
What was fixed --
All keys are now supported."
Tested the fix --
"creating a RT rule and setting alert keys as : user_ip & user_page & ip_page & agent
when rule is triggered, all keys displayed in the alerts section"