ERCELM (Could not update policy - "Error: Could not execute command on device")
I am having a strange problem and cannot rollout policy after creating a custom ASP rule for one of my data sources. I get an error: (Could not update policy - "Error: Could not execute command on device") I disabled the rule since that was the obvious thing to do, but still no rollout. I deleted the rule, and again the same thing. After that I tried to remove the problematic data source altogether, but still could not rollout the policy. Stopped/started the receiver, even restarted the whole SIEM still the same problem. Last thing I tried was manual rule update to possibly fix some corrupted rules, and the problem still persists.
Anyone had something similar happen and maybe can share some tips? Because I hit a dead end obviously...
Re: ERCELM (Could not update policy - "Error: Could not execute command on device")
I would look at all your custom rules in policy editor if you bring them up one by one you should be able to find the one causing the issue. It will most likely have a blank field or when you open it will tell you there is an issue with it. If you are having issues please give support a call so one of my colleagues can assist you.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.