Article Number
000030821
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA), Security Analytics UI
RSA Version/Condition: 10.5.0.1, 10.5.0.2
Platform: CentOS
O/S Version: EL6
Issue
When a new ESA rule is deployed, it may be observed that disabled rules are also inadvertently deployed.
Resolution
This issue is permanently resolved in Security Analytics 10.5.1.0.
Workaround
Review all ESA rules directly after the deployment of new rules.
If any disabled rules are found enabled that should not be, disable them again.
Alternately, review ESA rules and delete any disabled rules if they are no longer required.