logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

SIEM Connector is occasionally falling behind

SIEM Connector is occasionally falling behind

Version

Cb Defense (formerly Confer) - All

Issue

SIEM Connector is occasionally falling behind.

Symptom

Notification received from SIEM Connector are delayed.

Cause

The current architecture of the SIEM connector is such that it polls the sever for new events on a fixed interval (5 min default/recommended) and downloading a fixed number of events each time. Occasional burst in event volume may case connector to fall behind, because there are too many events queued up on the server side.

Solution

In many cases, the SIEM connector will catch up over a period of time as the volume of events goes down back.

In some cases, adjusting the poll interval (not less than 5 minutes) and/or download size may be needed to make the connector catch up.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
klazaga
Creation Date:
‎07-15-2016
Views:
705
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.