Unable to add multiple sensors to a rule using the Security Analytics Central Manager (CMC)
Article ID: 168634
Products
Security Analytics
Issue/Introduction
While using the CMC, you are unable to add multiple sensors to a rule. Each rule must be manually duplicated to each sensor.
Resolution
This behavior is a technical necessity: it reduces the complexity of aggregated favorites, actions, integration providers, and offbox settings. The rule must therefore be duplicated manually for each sensor.
We still aggregate the favorites on the CMC so that the user can use a favorite on the CMC pathbar. We do not attempt to aggregate the related data beyond the favorite, such as actions, integration providers, and offbox settings. The complexity arises when someone alters a single field for a single sensor.