Duplicate events are seen in RSA Security Analytics from Windows Legacy Collector Event Sources
Issue
The customer was seeing duplicate events in Investigator where the events were being collected by a Windows Legacy Collector.
Cause
The customer had incorrectly defined the link between the Windows Legacy Collector and the Log Collector in two places:
- Administration -> Devices -> Legacy Collector -> Config -> Local Collectors -> Destination Groups was defined.
- Administration -> Devices -> Log Collector -> Remote Collectors -> Legacy Collector was defined.
Resolution
Remove one of the above settings so that the link is defined in only one place.
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: Windows Legacy Collector, Security Analytics UI