|Applies To||RSA Product Set: NetWitness Logs & Packets / Security Analytics|
RSA Product/Service Type: Event Stream Analysis (ESA), Advanced Threat Detection
RSA Version/Condition: 10.6.x
O/S Version: EL6
|Issue||When you switch from Automated Threat Detection for Logs (Using Query-Based Aggregation) to Packets, the mechanism does not change.|
|Resolution||This issue is currently being investigated by the Engineering team in order to resolve it in a future release.|
|Workaround||Manually change the value. To change the value, go to Administration > Services, select your Event Stream Analysis service and then View > Explore.|
From there, select Source > nextgenAggregationSource and change the Mechanism field from QUERY to AGGREGATION.