2020-01-30 09:03 AM
I get the following error while deploying the rule. I've checked the syntax and it says the rule is valid.
ESA was unable to deploy one or more rules, and these rules were disabled. Common issues include: missing metadata, invalid rule syntax, and unavailable external connections at the time of deployment.
Following is the rule logic used. I'm not sure what the problem is.
/*
This basic template is a placeholder for defining basic EPL content that can be
installed and executed in ESA. The sample below is the minimum that would be
required to get started.
Version: 5
*/
/*
Module debug section. If this is empty then debugging is off.
*/
/* EPL section. If there is no text here it means there were no statements. */
module Module_c487ee49_24d6_4676_80af_94bdcdc59d6b;
@Name('Module_c487ee49_24d6_4676_80af_94bdcdc59d6b_Alert')
@Description('')
@RSAAlert(oneInSeconds=0)
SELECT * FROM Event
(
/* Statement: Repeated Uniform Bytes to Domains */
(domain_dst IS NOT NULL
AND bytes_src IS NOT NULL)
)
.std:unique(domain_dst)
.std:groupwin(bytes_src)
.win:time_length_batch(5 Minutes, 100)
GROUP BY bytes_src
HAVING COUNT(*) >= 100;
2020-01-31 06:18 AM
Fixed.
Error - The groupwin view must occur in the first position in conjunction with multiple data windows.
Simply switched the position of groupwin() with unique(), to ensure the former was defined first in the rule syntax sequence.
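For reference, the rule with the view order corrected as described above (groupwin declared before unique), written out here as an added example; it is not the code from the original post, and the module name and thresholds are kept as placeholders from the posted rule.

```epl
module Module_c487ee49_24d6_4676_80af_94bdcdc59d6b;
@Name('Module_c487ee49_24d6_4676_80af_94bdcdc59d6b_Alert')
@Description('Repeated uniform bytes to domains (example rule, corrected view order)')
@RSAAlert(oneInSeconds=0)
SELECT * FROM Event
(
    /* Statement: Repeated Uniform Bytes to Domains */
    (domain_dst IS NOT NULL
     AND bytes_src IS NOT NULL)
)
/* groupwin must be the first view when chained with other data windows;
   every view that follows is applied per bytes_src group */
.std:groupwin(bytes_src)
/* keep one event per distinct destination domain within each group */
.std:unique(domain_dst)
/* release a batch every 5 minutes or after 100 events, whichever comes first */
.win:time_length_batch(5 Minutes, 100)
GROUP BY bytes_src
HAVING COUNT(*) >= 100;
```

Because the later views run per group, the 100-event threshold applies to each distinct bytes_src value rather than to the whole stream, which is the behaviour the "same byte count to many domains" logic is after.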