Pre 5.1 - Noisy MacOs/Linux Sensors Reduce Retention
Cb Response Pre 5.1 OS X and Linux Sensors
MacOs and Linux Sensors produce a large number of events causing a significant reduction in process event data days of retention.
From the Detect -> Triage Alerts page, when selecting an Alert that would normally take you to the Process Analysis page, the resulting page is a custom 404 page.
This issue occurs when the Process event for the Alert is generated from an OS X or Linux Sensor. The Alerts page does not translate "old" Process Document ID's that are generated from the older OS X and Linux Sensor versions.
This issue is resolved in 5.1.1. Upgrade to the latest Cb Response server and sensor versions.
The workaround is to perform a Process Search and search for the events and/or IOC's outside of the Alerts page.
Refer to ENT-4735 in the 5.1.1 Release Notes for more information.