2017-09-13 05:14 AM
some rules alerting events past 2 days and others for more 20 days. appreciate your advice
2017-09-13 05:31 AM
Hi Anas,
Please check if ESA aggregation falling behind using 000032858 - How to check if Event Stream Analysis (ESA) is falling behind concentrators in RSA Security Analytics
If Sessions behind is high, try https://community.rsa.com/docs/DOC-45974 to real-time alerts.
2017-09-13 07:17 AM
thanks, Sravan Koneti
solved for now, how to prevent from occurring again.
2017-09-13 11:34 PM
Glad to hear that problem solved now.
Generally, the rules which holds huge memory with more time window would cause ESA slowness or crash. Please try to use best practices to fine-tune rules. RSA Security Analytics Alerting using ESA Guide for Version 10.6.4
https://community.rsa.com/docs/DOC-45446
