000034733 - Can Built-in Attributes Be Pruned to Improve Performance in RSA Web Threat Detection 6.0?

Document created by RSA Customer Support Employee on Jun 1, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000034733
Applies ToRSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 6.0
IssueWe are working with a Customer to tune their WTD environment. One of the questions we have is regarding the following RSA standard attributes: 
  • user-ip 
  • ip-page 
  • user-page 
Please note: There are keys defined against these three attributes as well. 
These 3 attributes take up a large number of entries in the Mitigator dictionary. They are not being used by any mitigator rules. 
Question:  Can these attributes be added to the prune-attributes field for Mitigator – or does Mitigator need them internally for some other reason? 
ResolutionAnswer: You cannot prune elements that appear in Keys.
As long as attributes also have associated keys they cannot be removed as Keys are used in r2b2(Report Builder) and SilverSurfer.  When these built-in attributes were pruned in testing, the system produced an error.  RSA has determined that these built-in Attributes are required and cannot be added to the prune-attributes field for Mitigator.