2016-05-26 04:33 AM
I have configured test alerts for the server shutdown of one of my servers, whose logs are as follows:
and the rule I configured is as follows:
But when we tested by rebooting the system, the logs came in but the alert did not trigger. Likewise, there are many alerts which are not triggering even though we received the logs on the SA server.
Note: The Concentrator is successfully added to ESA and is enabled.
Does anyone know the root cause?
2016-05-26 04:50 AM
Okay, I was going to suggest case sensitivity, but you have matched the case of your meta exactly, so it is not that.
Have you actually deployed the rules to your ESA and are they deployed successfully?
2016-05-26 05:30 AM
Yes, I have deployed it to ESA.
Do two rules with the same functionality affect each other? We have created two rules for the same activity.
2016-05-31 03:41 PM
I did some testing on this yesterday, and this morning on the way to work, realized I had made an error in my logic to get it to trigger at all.
This morning, I continued my testing and am having problems getting it to work.
Once I figure this out, I'll post something, but let me know what version of Security Analytics and ESA you are using.