RSA Admin

Alerter cache

Discussion created by RSA Admin Employee on Sep 11, 2008
Latest reply on Sep 25, 2008 by RSA Admin

We would like to see the Alerter cache changed from a 10,000 messages limit which then clears, to a FIFO rolling cache.

 

Our reason is this;  Our 24/7 command center watches enVision for alerts/changes/etc via the Enterprise Dashboard.  They look for changes in things such as Peak Severity, Current Severity, % change, etc. then they can drilldown to the alerts of interest.  The problem we see with the way the Alerter cache is currently cleared, there will be times when the 10,000 alert limit is reached the command center analyst suddenly sees that everything is normal.  The severity icons are green and the % Change is back to zero.

 

An undesireable situation.   A FIFO rolling cache would not 'reset to zero' the Enterprise Dashboard at what could be considered critical times

Outcomes