RSA Security Analytics Malware Analysis does not scan any files
Issue
SA Malware Analysis is not processing any events in continuous scan mode. The spectrum.log shows that no events are being submitted for processing. In Investigator, the spectrum.analize meta was verified to be present, but spectrum.consume and spectrum.consume 1.1 were not found.
The cause is that the two required App Rules are not deployed on the decoders. These App Rules determine which sessions/events are submitted to Malware Analysis for processing; without them, the decoders never tag anything for Malware Analysis to consume, so continuous scan has nothing to pick up.
Resolution
On the Security Analytics head GUI, go to Live > Search, enter "malware analysis" in the Tag field, and click Search. Then subscribe to and deploy all resources found to the packet decoders.
Please see the screenshot below (also attached) of the Live search using "Malware Analysis" as the tag:
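To confirm the fix took, it helps to check the decoder's application rules against the rule names this article expects rather than waiting for spectrum.log to fill up again. The shell snippet below is an added example written for this article, not RSA tooling: it reads an application-rule listing (assumed to be one rule name per line) and reports which Malware Analysis rules are missing. The rule names are taken from the article text; the constructed sample listing reproduces the situation described above (analize present, both consume rules absent). The commented curl line shows where a real listing would come from, but the REST port and node path are assumptions to verify against your release.

```shell
#!/bin/sh
# Added example for this article (not RSA's own tooling): verify that the
# Malware Analysis App Rules are present on a packet decoder.

# Rule names the article says must be deployed (assumed to match your Live
# resource names exactly; adjust if your deployment names them differently).
REQUIRED_RULES='spectrum.consume
spectrum.consume 1.1'

# Reads an application-rule listing on stdin, one rule name per line,
# prints "missing: <rule>" for each required rule that is absent,
# and returns 0 only when every required rule is present.
check_spectrum_rules() {
    listing=$(cat)
    missing=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        if ! printf '%s\n' "$listing" | grep -Fxq -- "$rule"; then
            printf 'missing: %s\n' "$rule"
            missing=$((missing + 1))
        fi
    done <<EOF
$REQUIRED_RULES
EOF
    [ "$missing" -eq 0 ]
}

# Constructed sample listing standing in for decoder output: the analize rule is
# deployed but neither consume rule is, which is the state described in the article.
SAMPLE_LISTING='spectrum.analize
Some Other App Rule'

# Obtaining a live listing (assumption: decoder REST on 50104, node path as below;
# the raw output needs trimming to bare rule names before piping it in):
#   curl -s -u admin 'http://DECODER:50104/decoder/config/rules/application?msg=ls&force-content-type=text/plain'

if printf '%s\n' "$SAMPLE_LISTING" | check_spectrum_rules; then
    echo "all Malware Analysis App Rules are deployed"
else
    echo "redeploy the missing rules from Live > Search (Tag: malware analysis)"
fi
```

Run it against a listing from each packet decoder; a non-zero exit with "missing:" lines means the Live deploy did not reach that decoder.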
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Malware Analysis
RSA Version/Condition: 12.x
Platform: CentOS
O/S Version: 7