some rules alerting events past 2 days and others for more 20 days. appreciate your advice
some rules alerting events past 2 days and others for more 20 days. appreciate your advice
Hi Anas,
Glad to hear that problem solved now.
Generally, the rules which holds huge memory with more time window would cause ESA slowness or crash. Please try to use best practices to fine-tune rules. RSA Security Analytics Alerting using ESA Guide for Version 10.6.4
000033036 - Helpful information for developing ESA rules in RSA Security Analytics
Hi Anas,
Please check if ESA aggregation falling behind using 000032858 - How to check if Event Stream Analysis (ESA) is falling behind concentrators in RSA NetWitness Platform
If Sessions behind is high, try 000029735 - How to aggregate ESA events from the current time in the RSA NetWitness Platform (Version 11.2 and below) to real-time alerts.