Resolution
Unable to view any saved forensic queries using Security Manager Control Center.
symptom
I cannot view saved Forensic Analysis queries in the Control Center.
symptom
After copying Forensic Analysis queries from one computer to another, queries are not available in Security Manager Control Center.
cause
A query cannot load if there is a query that has the same internal name in Security Manager.
fix
Open the SMControlCenter.txt
file, located under \Documents and Settings\userid\Application Data\NetIQ\Security Manager\Log Files
. If you see 'ERROR NetIQ.SM.GUI.Plugins.ForensicsQueriesPlugin: Column 'Query Name' is constrained to be unique,' you have a Forensic Analysis query with the same name as an existing query.
Under the Program Files\NetIQ Security Manager\OnePoint\VSOC\config\Forensic Queries
folder, find the offending query and edit the XML file. Look near the top of the file for the 'Name=' tag and change it to a unique name from the other queries. This is especially important if you are copying queries from one UI computer to another.