Unable to add multiple sensors to a rule using the Security Analytics Central Manager (CMC)

book

Article ID: 168634

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

While using the CMC, you are unable to add multiple sensors to the rule. Each rule must be manually duplicated to each sensor.

Resolution

This behavior is due to technical necessity to reduce the complexity of aggregated favorites, actions, integration providers, and offbox settings. So it must be done manually for each sensor.

We still aggregate the favorites on the CMC, to allow the user to use the favorite on the CMC pathbar. We do not attempt to aggregate all of the related data beyond the favorite, such as actions, integration providers, and offbox settings. The issue and complexity occurs when someone alters a single field for a single sensor.