No IP Address Entity Collection association to DIM Incidents in the Analyzer
search cancel

No IP Address Entity Collection association to DIM Incidents in the Analyzer

book

Article ID: 441104

calendar_today

Updated On:

Products

Information Centric Analytics

Issue/Introduction

Entity collections of type IP Address are not associated with DIM incidents in the Analyzer.

Steps to reproduce:

  1. Create a flat file containing a list of IP addresses that have corresponding DIM incidents with populated SourceIPIDs in the Risk Fabric system
  2. Create a File System IW data source and corresponding data source query to import the flat file
  3. Create an import rule and mapping of type Entity Collection - IP Address using the data source query created on step 2
  4. Run the IW job for the data source query
  5. Run the nightly RiskFabric Processing job
  6. Create an Analyzer view configured as follows:
    • Measures: DIM Incident Count
    • Rows: Entity Collection > Name dimension
  7. Filter the Entity Collection name to only include the newly created IP address entity collection and note that no results are displayed

Environment

Release : 6.7

Component : Analyzer

Resolution

This behavior will be addressed in a future release of ICA.

Powered by Wolken Software