Reprocess the capture data on Security Analytics appliance


Article ID: 169861


Updated On:


Security Analytics


Changes made on indicators or rules, and would like to generate report with the new attributes.


You can reprocess the captured data for require report by performing the following,

  1. Log into the web UI and navigate to Capture -> Summary. 
  2. Wait for the graph to populate.
  3. On the top right of the graph, select Actions -> Reprocess, this will take you to the Reprocessing Jobs screen.
  4. Click the New button, select the time range as desired..
  5. Click Save. The selected data is sent back through the rules engine and is also indexed again.

If you need to reprocess a lot of data, it is best to do it in smaller chunks (hours or a day to avoid performance issue).