000035775 - Only the source meta key is populated when creating a source and destination-based feed in RSA Security Analytics 10.6

Document created by RSA Customer Support Employee on Nov 23, 2017Last modified by RSA Customer Support Employee on Nov 25, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035775
Applies ToRSA Product Set: NetWitness Logs & Packets, Security Analytics
RSA Product/Service Type: Log Decoder Custom Feeds
RSA Version/Condition: 10.6.x
Platform: CentOS
O/S Version: EL6
IssueWhen creating a source and destination based feed on a Log Decoder, it only populates the source meta key. You cannot use a range-based or CIDR feed. You must list every single IP address.
ResolutionThis issue is currently being investigated by the Engineering team in order to resolve it in a future release.
WorkaroundCreate two different feeds using IP addresses and you can use CIDR in these feeds.