Article Number
000030625
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Malware Analysis
RSA Version/Condition: 10.x
Platform: CentOS
O/S Version: 6
RSA Product/Service Type: SA Malware Analysis
RSA Version/Condition: 10.x
Platform: CentOS
O/S Version: 6
Issue
SA Malware Analysis is not processing any events on continuous scan mode. Looking at the spectrum.log, it is showing that no events are being submitted to be processed.
It was verified on Investigator that spectrum.analize present, but did not find the spectrum.consume and spectrum.consume11.
Issue is the two required App Rules are not deployed on the decoders. These App Rules determine which sessions/events are to be submitted to the Malware Analysis for processing.
It was verified on Investigator that spectrum.analize present, but did not find the spectrum.consume and spectrum.consume11.
Issue is the two required App Rules are not deployed on the decoders. These App Rules determine which sessions/events are to be submitted to the Malware Analysis for processing.
Resolution
On Security Analytics head GUI, go to Live > Search, then put in Tag: malware analysis, click Search.
Then subscribe and deploy all resources found to the packet decoders.
Please see below screenshot (also attached) of Live search using Malware Analysis as tag:
Image description
Then subscribe and deploy all resources found to the packet decoders.
Please see below screenshot (also attached) of Live search using Malware Analysis as tag:
Image descriptionIn this article
