
Error while executing an Advanced EPL rule

Question asked by support soc on Aug 6, 2020
Latest reply on Aug 6, 2020 by John Snider
Hello Team,
I am getting an error while executing the advanced EPL rule below. Please help me out.
@RSAAlert(oneInSeconds=0)
SELECT * FROM 
Event (
medium = 1
AND device_type='checkpointfw1'
AND ip_src IS NOT NULL
AND ip_dst IS NOT NULL
AND action IS 'accept'
AND alert_id IS 'TS-Outbound'
AND (port_dst_all= 22,3389)
FOLLOWEDBY action IS not 'drop'
).std:groupwin(ip_src)
.win:time_length_batch(100 sec, 1) 
.std:unique(ip_src)
GROUP BY ip_dst 
HAVING count(ip_src) = 1
;
ERROR : Syntax error in module.  Unrecognized control characters found in text, failed to parse text
