Version
Cb Response 6.1.x
Issue
Following a server upgrade to 6.1, events that should be filtered out are appearing in the console
Cause
Very often this is caused by the presence of legacy 5.x sensors in the environment. Ingress Filtering on legacy sensors is not supported
Solution
Query syntax is more strict in 6.1 so all migrated or added ingress filters should work. If the legacy ingressfilter.conf file contained poor syntax, you would run into this issue: Response 6.1 upgrade: fails on CONVERT OLD INGRESS FILTERS
Verify the ingress filter is active on the server:
sudo psql cb -p 5002 -c "SELECT * FROM ingress_filter WHERE deleted=false;" |
- Upgrade to the latest 6.x sensor version as soon as possible in your environment