To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.
Issue: While attempting to perform a policy rollout in the SIEM ESM 9.x Policy Editor, errors appear indicating the rollout has failed.
Cause: Most likely these errors are cause by invalid custom rules, a corrupt rules file, and invalid data source settings.
Resolution: Solutions include: performing a manual rules update, checking for invalid data source settings, checking for errors rolling out policy on an IPS' For more information and step-by-step instructions on how to troubleshoot, see KB82389 — How to troubleshoot SIEM policy rollout issues.
To see past SNS Weekly Roundups featuring 7 days of product news (each Thursday), go to the SNS Community page. To sign up for the Support Notification Service (SNS), go to the SNS Subscription Center.