swetha Frequent Contributor.
Frequent Contributor.
786 views

What is the symbol meaning, need to know whether it is disabled or not.

What is the symbol meaning for the rule, need to know whether it is disabled or not.

Labels (1)
0 Likes
4 Replies
Super Contributor.. TsNik1 Super Contributor..
Super Contributor..

Re: What is the symbol meaning, need to know whether it is disabled or not.

In the doc "ArcSight Console User Guide" (p.1030) writing about this situation.  It means that your rule is triggering itselves in a recursive loop. You need to check you conditions.

0 Likes
Honored Contributor.. brian.chong@hpe Honored Contributor..
Honored Contributor..

Re: What is the symbol meaning, need to know whether it is disabled or not.

Here is the exact explanation from the doc found on pg 420 of the Console User guide for ESM 6.5c.

Brian Chong

0 Likes
swetha Frequent Contributor.
Frequent Contributor.

Re: What is the symbol meaning, need to know whether it is  disabled or not.

Thanks Brian...

0 Likes
tkachouba Trusted Contributor.
Trusted Contributor.

Re: What is the symbol meaning, need to know whether it is disabled or not.

The system (ESM) disabled the rule because it was firing recursively.  As suggested, check your rule conditions and aggregation.  Adding Type != Correlation to the conditions is generally a best practice in most cases.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.