2014-11-04 11:27 AM
Was making progress configuring Alerts in ESA and Incident Management. However, today I went to the ESA -> Configure option and all my custom rules are missing.
Has anyone encountered this issue? All of the important rules are still synchronized, but not available in the "All rules" section.
No way to back them up now either. Is there a way to pull synchronized rules from the ESA database?
2014-11-05 02:00 PM
Hello Spyhunter,
Well, this has not happened to me, but I found one thing: after receiving the alerts on the ESA, I am not able to access Incident Management in any way.
I am getting an error message on the IM.
According to me, you can take a backup of your rules through
/rsa/reporting enginer/rsa/soc/repoting engine logs.
I will share the exact path soon.
Regards,
Deepanshu Sood
Technical Consultant - Information Security
2014-11-14 08:54 AM
Ended up having to rebuild all the ESA rules by hand with help from professional services.
Before patching, make sure you back up all of your rules.
It may be a best practice to shut down the ESA service and others before patching to mitigate the risk of losing your ESA rules.