Pre 5.1 - Noisy MacOs/Linux Sensors Reduce Retention

Version

Cb Response Pre 5.1 OS X and Linux Sensors

Issue

macOS and Linux sensors generate a very large volume of process events, which fills the server's event storage faster and significantly reduces the number of days of process event data that can be retained.

Symptoms

From the Detect -> Triage Alerts page, selecting an Alert that would normally open the Process Analysis page instead returns a custom 404 page.

Cause

This issue occurs when the process event behind the Alert was generated by an OS X or Linux sensor. The Alerts page does not translate the "old" Process Document IDs produced by the older OS X and Linux sensor versions, so the link resolves to a document the page cannot find.

Solution

This issue is resolved in 5.1.1. Upgrade to the latest Cb Response server and sensor versions.

As a workaround, locate the events and/or IOCs with a Process Search rather than through the Alerts page.

Important Note(s)

Refer to ENT-4735 in the 5.1.1 Release Notes for more information.

Article Information

Creation Date: 02-14-2017