Support Center > Search Results > SecureKnowledge Details
In SmartEvent policy, adding exclusion for sensor alert event by event id (e.g. id=20300) causes policy installation failure Technical Level
  • When adding the following Sensor Alert exception (using the alert ID 20300) in SmartEvent policy ("Host Based Event" -> "Sensor Alert" -> "Exclude the following entries"), the SmartEvent policy installation fails with the error:

    Installing policy for job [All online jobs]
    ERROR: Unknown field type - sensor_alert_id
    Error processing Ignore rule (problematic field - 'sensor_alert_id')
    Failed to build correlation policy for event 'Sensor Alert'
    Failed to buildJobDetectorsPolicy.
Note: To view this solution you need to Sign In .