SNS ProTip for SIEM: Troubleshooting ESM 9.x Policy Editor Rollout

Version 2

    To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.

    Issue: While attempting to perform a policy rollout in the SIEM ESM 9.x Policy Editor, errors appear indicating the rollout has failed.

    Cause: Most likely these errors are cause by invalid custom rules, a corrupt rules file, and invalid data source settings.

    Resolution: Solutions include: performing a manual rules update, checking for invalid data source settings, checking for errors rolling out policy on an IPS' For more information and step-by-step instructions on how to troubleshoot, see KB82389How to troubleshoot SIEM policy rollout issues.

    For more resources, visit the McAfee KnowledgeBase and search for SIEM-related KBs, and visit the McAfee SIEM Community.

    To see past SNS Weekly Roundups featuring 7 days of product news (each Thursday), go to the SNS Community page. To sign up for the Support Notification Service (SNS), go to the SNS Subscription Center.