000035768 - Mechanism does not change when switching from Automated Threat Detection for Logs (Using Query-Based Aggregation) to Packets in RSA Security Analytics 10.6

Document created by RSA Customer Support Employee on Nov 23, 2017. Last modified by RSA Customer Support Employee on Jul 10, 2019.
Version 3

Article Content

Article Number: 000035768
Applies To:
  RSA Product Set: NetWitness Logs & Network, Security Analytics
  RSA Product/Service Type: Event Stream Analysis (ESA), Advanced Threat Detection
  RSA Version/Condition: 10.6.x
  Platform: CentOS
  O/S Version: EL6
Issue: When you switch from Automated Threat Detection for Logs (Using Query-Based Aggregation) to Packets, the mechanism does not change.
Resolution: This issue is currently being investigated by the Engineering team in order to resolve it in a future release.
Workaround: Manually change the value. To change the value:
  1. Go to the RSA NetWitness UI > Administration > Services > Event Stream Analysis > View > Explore
  2. From there, go into the Workflow directory > Source nextgenAggregationSource and change the Mechanism field from QUERY to AGGREGATION.
