
Event rule not triggering in a timely fashion

Version

Bit9 Security Platform - 7.x and higher

 

Issue

After an event rule is created, events that match its filter are found, but the rule's action takes longer than expected to trigger.

Symptoms

  • When the event rule is viewed in the console, new events that match the rule appear, but they show as pending.
  • A matching event does not move from pending to complete in a timely fashion.

Cause

The event rule is filtered on the Prevalence file property.

When the Prevalence file property is used in the filter, the Bit9 Server waits to process the event rule until prevalence is calculated again. This calculation runs asynchronously, so prevalence is not recalculated immediately.

Solution

If the event rule must be evaluated immediately, remove the Prevalence filter from the rule.

Creation Date: 06-16-2015