some rules alerting events past 2 days and others for more 20 days. appreciate your advice
Please check if ESA aggregation falling behind using 000032858 - How to check if Event Stream Analysis (ESA) is falling behind concentrators in RSA Security Analytics
If Sessions behind is high, try 000029735 - How to aggregate events from the current time in Security Analytics ESA to real-time alerts.
thanks, Sravan Koneti
solved for now, how to prevent from occurring again.
Glad to hear that problem solved now.
Generally, the rules which holds huge memory with more time window would cause ESA slowness or crash. Please try to use best practices to fine-tune rules. RSA Security Analytics Alerting using ESA Guide for Version 10.6.4
000033036 - Helpful information for developing ESA rules in RSA Security Analytics
Retrieving data ...