000035511 - RSA Security Analytics out of the box profiles return data outside the specified timeframe filter

Document created by RSA Customer Support Employee on Sep 16, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035511
Applies ToRSA Product Set: NetWitness Logs and Packets, Security Analytics
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 10.6.0, 10.6.1, 10.6.2, 10.6.3, 10.6.4
IssueOut of the box Profiles RSA File Analysis, RSA Threat Analysis, and RSA Web Analysis return data outside the specified timeframe filter.
CauseThe PreQuery is missing the parenthesis when using the or ( || ) operator.
ResolutionThis will be resolved in RSA Security Analytics version 10.6.5 and later.
WorkaroundDuplicate the profiles and add to the PreQuery parenthesis around the query.
PreQuery should look like this:
(filename exists || extention exists || filetype exists || sourcefile exists || content = 'application/octet-stream')