This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ESA alerts are not making it into the SA IM middleware for RSA SecOps

Article Number

000031473

Applies To

RSA Product Set: Security Management, Security Analytics
RSA Product/Service Type: SecOps, Event Stream Analysis (ESA), Incident Management (SA IM)
RSA Version/Condition: SecOps 1.2; Security Analytics 10.4.x, 10.5.x

Issue

Alerts in ESA are firing but nothing is making it to the Incident Management component and nothing is being output to SecOps.

Cause

This issue occurs because the "Forward Alerts on Message Bus" option is not selected on the ESA appliance.

Resolution

To resolve the issue, perform the steps below.
  1. Log into the Security Analytics UI as an administrative user.
  2. Navigate to Administration -> Services.
  3. Click on the red Actions button for the ESA service and select View -> Config.
  4. Click on the Advanced tab.
  5. Check the box for the Forward Alerts On Message Bus option and then click the Apply button.
    Image descriptionImage description

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-13 07:57 AM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.