When adding data sources to the Reporting Engine, the devices appear to be added successfully even when invalid credentials are used.
However, when attempting to run or test a rule that utilizes the data source, error messages similar to these below are displayed in the Security Analytics UI:
Note also the following:
1. the "Test Rule" dialog box in the Security Analytics UI will also display a message similar to the following: Schema fetched from data source was null for data source=SA - Broker
2. The /home/rsasoc/rsa/soc/reporting-engine/logs/reporting-engine.log file on the Security Analytics server will report an error similar to the example below"
2014-11-14 19:23:33,013 [Reporting Status Polling 1389004080] ERROR com.rsa.smc.sa.reporter.jobs.ReporterChartPollingTask - Action is not authorized on resource
com.rsa.smc.sa.reporter.exception.ReporterSecurityException: Action is not authorized on resource
This issue occurs due to a known issue in versions 10.4.0.0 and 10.4.0.1 wherein the credentials for Reporting Engine data sources are not validated when they are entered.