Incidents are not getting created in SecOps.
RabbitMQ service restarted, RSA UCF service restarted, endpoint connection is successful, but incidents are not getting created in SA. Can anyone please suggest what could be the reason?
Do you use devices? Look at the mapping files on the tag SecurityIncident_Source_Devices. There is a mapping issue there that is trying to map all those field IDs into Archer and it doesn't find them.
Alternatively, if you don't use it, you can put IGNORE in the CRUD Options for that app if you don't use it:
<application CRUDOptions="IGNORE" name="SecurityIncident_Source_Devices">
Hi Dimal, it is already in place, that's why this is just giving warnings.
Also, it is creating incidents with a delay of 3-4 days, and few incidents are getting created.
But why it stops after creating certain incidents, that is the issue.