This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mechanism does not change when switching from Automated Threat Detection for Logs (Using Query-Based Aggregation) to Packets in RSA Security Analytics 10.6

Article Number

000035768

Applies To

RSA Product Set: NetWitness Logs & Network, Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA), Advanced Threat Detection
RSA Version/Condition: 10.6.x
Platform: CentOS
O/S Version: EL6

Issue

When you switch from Automated Threat Detection for Logs (Using Query-Based Aggregation) to Packets, the mechanism does not change.

Resolution

This issue is currently being investigated by the Engineering team in order to resolve it in a future release.

Workaround

Manually change the value. To change the value:
  1. Go to the RSA NetWitness UI > Administration > Services > Event Stream Analysis > View > Explore
  2. From there, go into the Workflow directory > Source nextgenAggregationSource and change the Mechanism field from QUERY to AGGREGATION.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 03:56 PM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.