
Alerts Not Working

Question asked by RSA Admin Employee on Jul 17, 2014
Latest reply on Jul 18, 2014 by huan zhou

Hi there,

We're working on a new deployment of RSA SA 10.3 and everything is (mostly) working well. All our data is flowing into the devices and being parsed as expected. We've set up a few ESA rules... some very simple and some a bit more complex. For example, we copied exactly the Rule for 5 Failed Logon Attempts followed by a Successful Logon described in the documentation. We've also set up some very simple alerts that match data we've seen in our Meta Keys (traffic to Russia, other basic stuff, etc.). The goal is just to get any Alert to fire, but we're getting nothing. When I "View Syntax" on our rules they show as valid, but when I go to Alert Summary there's nothing. I also have our rules set to notify me via email, but I haven't seen anything. Does anyone have any ideas?

Thanks in advance for any help.

Dave
