ESA Rules are not triggering Up
I have configured test alerts for server shutdown for one of my servers, whose logs are as follows:
and the rule I configured is as follows:
But when we tested by rebooting the system, the logs came but the alert didn't trigger. Likewise, there are many alerts which are not triggering though we received the logs on the SA server.
Note: Concentrator is successfully added on ESA and is enabled.
Does anyone know the root cause?
Okay, I was going to suggest the case sensitivity - but you have matched the case of your meta exactly so it is not that.
Have you actually deployed the rules to your ESA and are they deployed successfully?
Yes I have deployed in ESA.
Do two rules with the same functionality affect each other? We have created two rules for the same activity.
I did some testing on this yesterday, and this morning on the way to work, realized I had made an error in my logic to get it to trigger at all.
This morning, I continued my testing and am having problems getting it to work.
Once I figure this out, I'll post something but let me know what version of Security Analytics and ESA you are using.
