Question: Can unmapped (also known as orphan) events be converted to mapped events
Originally Published: 2015-08-31
Article Number
Applies To
RSA Product/Service Type: Endpoint
RSA Version/Condition: 9.6 SP2
Platform: Windows
Platform (Other): null
O/S Version: 2008 Server R2 x64
Product Name: null
Product Description: null
Issue
These events are also know as un-mapped events.
It is not possible to map, the events and create an incident. The best option is to delete the orphan events by running a purge from the EM UI.
Resolution
Prerequisites
Check with DBA to make sure there is sufficient space for the transaction log
Start with small time window. (example last 5 days)
- EM UI -> Admin -> Support -> Settings -> Purge Incidents and Events
- Select Events radio box
- Purge Options: check Unmapped Events
- Date range,
- Rest of options based on policy, content blade, etc,
- Click Start Purge
Related Articles
Pending accounts which resolve to no known user attribute are expected to be orphaned once collections occur but instead a… Number of Views RSA® Authentication Manager 8.7 SP1 Known Issues Number of Views The RSA SecurID Access Cloud Authentication Service rejects signed SP-initiated SAML requests with an HTTP Redirect binding Number of Views Error "Unable to retrieve the certificate" on RSA Authentication Manager 8.6 when registering with Cloud Authentication Se… Number of Views Choosing a Connection Method to Add an SSO Agent Application Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Enable SSH from a console connection if the Operations Console is not available for RSA Authentication Manager 8.x Download RSA SecurID Access Cloud Administration audit logs using Cloud Administration REST API CLU RSA Authentication Manager Patch Updates
Don't see what you're looking for?
