Alerting Issue in UI in RSA Web Threat Detection 5.1.0.7 Custom Key
2 years ago
Originally Published: 2016-09-08
Article Number
000043142
Applies To
RSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition:  5.1, 5.2,6.0 
Issue
 WTD 5.1.0.7   Custom Key, Alerting Issue Additional Project Description/Summary:
 When setting up a custom key and using that key as the Alert Key in a rule, the system does not flag the alert in the UI. We have tested alerting to email, and the email arrives (telling us that the alert triggered), but there is still no alert visible in the UI. Thus, this appears to be a UI-only issue, where alerts triggered against custom keys do not appear.  

As stated above, this rule sends out emails when it alerts, proving that it indeed triggers as expected, but the alert never shows in the UI.  
Resolution
An issue was presented to Engineering -- (in WTD 4992)

"Alerts listing and the Current Real Time Alerts list will only show alerts keyed against "ip, page, and user". By default there are 8 total keys to select from in the rule creation page under the "Alert Key" drop down list."

This is now fixed in version WTD 6.1 that is scheduled to be released in October 2016. 

What was fixed --
"Remove filtering on javascript code that filters all keys except for ip, user and page. 
All keys are now supported."

Tested the fix --
"creating a RT rule and setting alert keys as : user_ip & user_page & ip_page & agent
when rule is triggered, all keys displayed in the alerts section"

Related Articles

Trending Articles

Don't see what you're looking for?