How to view Incident name with ESA alert name
Issue
All incident names appear with
This happens because the Group By value is set to "Source IP Address" as the default parameter in Incident Rules.
Resolution
Follow the steps below to have the incident name show the ESA alert title.

1. Log in to the NetWitness GUI.
2. Navigate to CONFIGURE -> Incident Rules to view the list of rules.
3. Edit the rule whose incident name you wish to change.
4. Locate GROUPING OPTIONS -> GROUP BY, select "Alert Name" from the drop-down as shown below, and save the rule.

5. Verify that new incidents carry the ESA alert title in the incident name, as shown below, by navigating to the RESPOND -> Incidents page.

Product Details
RSA Product Set: NetWitness Logs & Network
RSA Version/Condition: 11.x
Platform: CentOS
O/S Version: 7
Summary
This article outlines the procedure for showing the ESA alert title in the incident name.