Rules containing a group-by statement with a multi-valued meta fail in RSA Security Analytics 10.6
Issue
Rules containing a group-by statement with a multi-valued meta (such as alias_host) fail.
Steps to Reproduce
- Create an ESA Rule with a single statement, having a multi-valued meta field such as alias_host in the condition, and group by that meta value.
- Inject matching events and attached events. The rule will not trigger.
Resolution
This issue is resolved in Security Analytics 10.6.1.
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.6
Platform: CentOS
O/S Version: EL6