Hi there,
We're working on a new deployment of RSA SA 10.3 and everything is (mostly) working well. All our data is flowing into the devices and being parsed as expected. We've setup a few ESA rules...some very simple and some a bit more complex. For example, we copied exactly the Rule for 5 Failed Logon Attempts followed by a Successful Logon described in the documentation. We've also setup some very simple alerts that match data we've seen in our Meta Keys (traffic to Russia, other basic stuff, etc.). The goal is just to get any Alert to fire, but we're getting nothing. When I "View Syntax" on our rules they show as valid, but when I go to Alert Summary there's nothing. I also have our rules set to notify me via email, but I haven't seen anything. Does anyone have any ideas?
Thanks in advance for any help.
Dave
