Owen,Not sure what version you are using, but 10.6 allows you to use the
basic rule. When you build the condition there is a check box for
array.Just that on the meta that is currently in an array.
(isOneOfIgnoreCase(action,{ 'monitor session' }) AND...
This is typically caused when the fneserver (the Security Analytics
licensing server) is unable to reset the trust store due to old
licensing information. It can happen when VMs are cloned, or when old
licensing information is not flushed properly. 1...
Mohd, Did you look at the reporting engine log and the archiver log?
Reporting engine log can be found at:
/home/rsasoc/rsa/soc/reporting-engine/logs/reporting-engine.logArchiver
log can be found at: /var/log/messages You can modify the meta groups
f...