Question: Can unmapped (also known as orphan) events be converted to mapped events
Originally Published: 2015-08-31
Article Number
Applies To
RSA Product/Service Type: Endpoint
RSA Version/Condition: 9.6 SP2
Platform: Windows
Platform (Other): null
O/S Version: 2008 Server R2 x64
Product Name: null
Product Description: null
Issue
These events are also know as un-mapped events.
It is not possible to map, the events and create an incident. The best option is to delete the orphan events by running a purge from the EM UI.
Resolution
Prerequisites
Check with DBA to make sure there is sufficient space for the transaction log
Start with small time window. (example last 5 days)
- EM UI -> Admin -> Support -> Settings -> Purge Incidents and Events
- Select Events radio box
- Purge Options: check Unmapped Events
- Date range,
- Rest of options based on policy, content blade, etc,
- Click Start Purge
Related Articles
Error: 'AttributePluginException: error encountered while trying to convert a user property: samlattr6: java.lang.IllegalA… Number of Views Error message "Can not convert logon name: lab\\tstuser1 to UPN error: 0" during IWA authentication in RSA Access Manager Number of Views Error ORA-01830: date format picture ends before converting entire input string when collecting a datetime object in RSA I… Number of Views How to minimize outage time when converting from a standalone to a clustered RSA Identity Governance and Lifecycle deployment Number of Views AFX Connectors remain in a Deployed state and Port 8585 already in use error in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026) Deploying RSA Authenticator 6.2.2 for Windows Using DISM RSA MFA Agent 2.4 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
