000035745 - RSA Security Analytics 10.6.5 Known Issues Master List

Document created by RSA Customer Support Employee on Dec 9, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035745
Applies ToRSA Product Set: NetWitness Logs & Packets / Security Analytics
RSA Product/Service Type: Core Appliance, Event Stream Analysis (ESA), Malware Analysis, Warehouse (SAW), Archiver, Security Analytics Server, Security Analytics UI
RSA Version/Condition: 10.6.5.0
Platform: CentOS
O/S Version: EL6
IssueBelow is a list of known issues in RSA Security Analytics 10.6.5.0, including those listed in the Release Notes.  
Please click on the links to go directly to the articles.
Installation and Update
Article NumberArticle TitleTracking Number
000035746Incorrect version is displayed when you update from 10.5.2.0 to 10.6.0.1 or laterASOC-17443
000035747Security Analytics UI displays an error when you click Move to RepoASOC-17654
000035748Issue with All-in-One Logs upgrade from 10.5.2.0 or 10.6.0.0 to 10.6.4.0 due to rabbitmqASOC-21194
000035749Issue with SA UI available after All-in-One during Security Analytics 10.6.0.0 to 10.6.4.0 upgradeASOC-23344
000035750Few RPMs are not installed when you update Security Analytics from 10.5.2.1 to 10.6.4.0ASOC-25944
000035751sa.repo file gets modified during an update from 10.5.2.0 or 10.5.2.1 to 10.6.4.0 through RSA LinkASOC-25943
000035752Update from 10.6.3.0 to 10.6.4.0 changes the PAM server config fileASOC-33289

Security Issues
Article NumberArticle TitleTracking Number
000035753Issue with alias name in the Security Analytics Server certificateSACE-7700

General Application Issues
Article NumberArticle TitleTracking Number
000030481"This page can't be displayed" error when attempting to login into the RSA Security Analytics UI with Internet Explorer 10ASOC-9225

General Platform Issues
Article NumberArticle TitleTracking Number
000030363No cancel option is available for Warehouse Analytics jobs in RSA Security AnalyticsSAENG-4706, SAENG-5755

Entitlements and Licensing
Article NumberArticle TitleTracking Number
000030511Metered license does not flip back to in compliance immediately when there are no services attached to that Metered license in Security AnalyticsASOC-9078
000030832Aggregate usage report is generated incorrectly in RSA Security Analytics 10.5.0.1 and aboveASOC-10079

Security Analytics Log Collector
Article NumberArticle TitleTracking Number
000030374Repeated errors are seen when a domain name is not resolvable from a Windows Legacy Collector server in RSA Security AnalyticsSAENG-2476
000030517The Data Privacy Officer role is missing on Log Collectors in RSA Security AnalyticsASOC-7937
000030519Checkpoint collection not working and reports the error "peer ended the session" in RSA Security AnalyticsASOC-8351
000032747Throttling Remote Collector to Local Collector bandwidth is not persistent after rebooting in RSA Security Analytics 10.6ASOC-16717
000035754Cloudtrail event source test connection fails with an errorASOC-37288

Security Analytics Investigation
Article NumberArticle TitleTracking Number
000030497Parallel Coordinate visualization is not displaying special characters correctly on Security AnalyticsASOC-9346
000032748Incidents are not flagged when a user manually adds the alerts to existing incidents in RSA Security Analytics 10.6ASOC-16640

Security Analytics Workbench
Article NumberArticle TitleTracking Number
000030504Empty collection is created if restoration fails because workbench service is stopped or restarted on RSA Security AnalyticsASOC-6859
000030507All restoration collections created at version 10.4.x will have blank date values after upgrading to RSA Security Analytics 10.5 or aboveASOC-9087
000030508The Date Range is not displayed for collections if services are restarted while a restoration is in progress in RSA Security AnalyticsASOC-6822
000030507All restoration collections created at version 10.4.x will have blank date values after upgrading to RSA Security Analytics 10.5 or aboveASOC-9035

Security Analytics Malware Analysis
Article NumberArticle TitleTracking Number
000016980Unable to perform Malware Analysis On-Demand scans using trusted connections in RSA Security Analytics 10.4.x and aboveSAENG-5485
000030501The View Network Session option is disabled for Malware Analysis events if the core device is not configured correctly in RSA Security AnalyticsASOC-5571
000032750Upload Scan Job does not get submitted to Colo Malware if standalone Malware is also present in RSA Security Analytics environmentASOC-9821

Security Analytics Incident Management
Article NumberArticle TitleTracking Number
000032740View Original Event returns stack trace when no concentrator is available in RSA Security Analytics 10.6ASOC-14266
000033049Out-of-the-box Aggregation Rules in Incident Management are duplicated after upgrading to RSA Security Analytics 10.6ASOC-15031
000032723Incident Management becomes unresponsive while loading large number of alerts in RSA Security AnalyticsASOC-16900

Security Analytics Event Stream Analysis (ESA)
Article NumberArticle TitleTracking Number
000030359Synchronization / Deployment fails for the ESA rule “No Log Traffic detected from device in given time frame” deployed from Live in RSA Security AnalyticsSAENG-5888
000030360Case-sensitive sorting is not working properly in the ESA All Rules grid in RSA Security AnalyticsSAENG-3605
000030554ESA rule deployment fails if the server that hosts an external database goes down in RSA Security AnalyticsASOC-9011
000031334ESA Alerts Summary page is blank or displays "Error getting data" in the RSA Security Analytics UIASOC-9016, ASOC-9026
000032752Forwarding rule name is not updated when the advanced rule name changes in RSA Security AnalyticsASOC-9585
000035755ESA Displays Warning For Array OperatorsASOC-14157
000035757Group Aggregation EPS rate drops when native aggregation from single source is triggered in parallelASOC-20026
000035767Warm-up Duration is Retained When Changing from Packet to Log Automated Threat Detection and vice-versaASOC-22226
000035768When you switch from Automated Threat Detection for Logs (Using Query-Based Aggregation) to Packets, the mechanism does not changeASOC-23874
000035769Trial rules configuration: Out-of-Bound Values are CappedASOC-6633
000035770Event Stream Analysis service becomes unresponsive under heavy loadASOC-25174

Security Analytics Reporting Engine
Article NumberArticle TitleTracking Number
000030386Live deployment of Reporting Engine rules and reports fail due to missing dependencies in RSA Security AnalyticsSAENG-1334
000030390Reporting Engine may become blocked in RSA Security Analytics when RabbitMQ connections have a blocked stateSAENG-5329
000030564Updates to connection parameters on the Service page do not reflect on the Reporting Data sources in RSA Security AnalyticsASOC-8149
000030569Cannot Navigate to Investigation from the NWDB reports if the connection parameters on the Service page are updated in RSA Security AnalyticsASOC-8575
000035756Direction meta is not available when the data source is addedASOC-24061

Security Analytics Reporting
Article NumberArticle TitleTracking Number
000030388Internet Explorer 10 is unable to display the result for a Test Rule that is clicked on more than once in RSA Security AnalyticsSAENG-3926
000030389Adding a dynamic list while editing a report schedule from the View All Schedules page does not work in RSA Security AnalyticsSAENG-5837
000033050"Error occurred while fetching data from source" is displayed when running rules with empty lists in RSA Security AnalyticsASOC-16271

Security Analytics Administration and Auditing
Article NumberArticle TitleTracking Number
000035771Recurring Identity feed is not working when using hostname or IP of Log Collector serviceSACE-6600
000035772Data retention scheduler page uses incorrect time zoneASOC-24566
000035773SNMP v3 trap logs are not working for Event Stream AnalysisASOC-22667
000035774Custom feeds with CSV content are not matching meta values, and quotes are not displayed correctlySACE-7121
   ASOC-30636
000030576Configuration audit events captured by RSA Security Analytics lack the context of which service was changedASOC-8889
000030577Excessive audit logs are generated when accessing the UI pages for importing/exporting/login/logout in RSA Security AnalyticsASOC-8916
000030565The RSA Security Analytics Server is not capturing the value for queryString in the audit logsASOC-8994
000030571Password expiration email notification does not provide source information in RSA Security AnalyticsASOC-9187
000030575Audit logs are not reporting pages accessed where users do not have permissions in RSA Security AnalyticsASOC-9323

Security Analytics Event Source Monitoring (ESM)
Article NumberArticle TitleTracking Number
000030589Renaming the Log Collector or Log Decoder hostname is not reflected on the Event Sources Manage page in RSA Security AnalyticsASOC-9235
000032745ESM Automatic Alarms do not work on All-in-One (AIO) appliances running RSA Security Analytics 10.6ASOC-16588

Security Analytics Core Services
Article NumberArticle TitleTracking Number
000030831Incorrect syntax in core appliance custom index file causes initialization errors in RSA Security Analytics 10.5.0.1 and aboveASOC-4195
000030582Broker role permissions do not show custom meta keys defined in concentrator during Data Privacy setup in RSA Security AnalyticsASOC-6749
000035776Metacallback feeds do not support ranged indices (IP range or CIDR)SATCE-260
   ASOC-18044
000035775Ability to Create Source and Destination IP-Based Feeds Using CIDR or RangeSATCE-628

Attachments

    Outcomes