RSA Admin

Max Thread Limit xxxxx Reached

Discussion created by RSA Admin Employee on May 10, 2011
Latest reply on May 20, 2011 by RSA Admin

Hi All,

 

I am trying to write a rule which is looking for failed logins for a user followed by no successful login in certain time period. If this gets true, alert me.

 

In this logic, I am using multithread on 'username' for the first statement. Even after making it 5k, it always says that the 'Max Thread Limit xxxxx Reached'. Post some investigation, i was able to figure out that this rule is also considering the usernames for multithreading which has successful logsins for this rule even though successful login is not a criteria here.

 

My question is, why enVision is doing a multithread on the usernames where a failed login didn't even happen? In this case, I am sure the thread Limit will always be reached.

 

Any comments or advise to correct my uderstanding (if wrong).

Outcomes