000035768 - Mechanism does not change when switching from Automated Threat Detection for Logs (Using Query-Based Aggregation) to Packets in RSA Security Analytics 10.6

Document created by RSA Customer Support Employee on Nov 23, 2017Last modified by RSA Customer Support Employee on Nov 25, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035768
Applies ToRSA Product Set: NetWitness Logs & Packets / Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA), Advanced Threat Detection
RSA Version/Condition: 10.6.x
Platform: CentOS
O/S Version: EL6
IssueWhen you switch from Automated Threat Detection for Logs (Using Query-Based Aggregation) to Packets, the mechanism does not change.
ResolutionThis issue is currently being investigated by the Engineering team in order to resolve it in a future release.
WorkaroundManually change the value. To change the value, go to Administration > Services, select your Event Stream Analysis service and then View > Explore.
From there, select Source > nextgenAggregationSource and change the Mechanism field from QUERY to AGGREGATION.

Attachments

    Outcomes