000034733 - Can Built-in Attributes Be Pruned to Improve Performance in RSA Web Threat Detection 6.0?

Document created by RSA Customer Support Employee on Jun 1, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000034733
Applies ToRSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 6.0
 
IssueWe are working with a Customer to tune their WTD environment. One of the questions we have is regarding the following RSA standard attributes: 
  • user-ip 
  • ip-page 
  • user-page 
Please note: There are keys defined against these three attributes as well. 
These 3 attributes take up a large number of entries in the Mitigator dictionary. They are not being used by any mitigator rules. 
Question:  Can these attributes be added to the prune-attributes field for Mitigator – or does Mitigator need them internally for some other reason? 
ResolutionAnswer: You cannot prune elements that appear in Keys.
Explanation:
As long as attributes also have associated keys they cannot be removed as Keys are used in r2b2(Report Builder) and SilverSurfer.  When these built-in attributes were pruned in testing, the system produced an error.  RSA has determined that these built-in Attributes are required and cannot be added to the prune-attributes field for Mitigator.

Attachments

    Outcomes