Hi guys, in an environment with 7.1.5 Enterprise, the incident continues
to trigger after disabling some rules. Have we hit a bug, and has
anyone encountered this situation before?

Hi guys, there is an agent on the Windows machine with SQL Server
installed. We get SQL user and audit logs here, but we cannot get logs
at the operating level such as Create, Alter, Drop. We do not need a
custom table log. We got these logs without ...

Hi guys, I am using a Windows agent with 7.1.0 Agent. Some fields in the
incoming log are not parsed, and some fields in the incidents in the
default rules it hits are empty. Normally, I think there should not be
such a situation in the default parser...

Hi guys, we have an environment with about 200 Windows machines where
the Windows agent is installed, but in some environments there is 7.1.0.9
while in some environments there is version 7.2.0.115. In environments
with 7.2.0.115, Windows parsers did not...

I use Cloud EDR so we have the latest version. Windows version is 11.
The agent version installed on Windows is 5.2.2. After the last
mandatory Windows upgrade I get an OS not supporting error, so it is
degraded. I can't see a more updated package, i...

Hi @Himanshu735, as far as I know and if I understand correctly, if you
are going to use keepers, you should use 2 workers other than the
Supervisor keeper here and you should activate these two workers in the
shard structure.

Hi guys @MoussaRms @Richie_C, I have the same problem in a different
environment, but I can't use Wireshark or anything like that. Have you
been able to solve this problem? Is there any other step that needs to
be done?

@Secusaurus I actually tried this in a test environment with a content
update and an updated version and the result was the same. Since it is
known that a custom parser has been passed before, there may be a
different formatting here. How can I separ...

Hi guys @wfgaitan @jamesmid, have you been able to resolve this? Super
disk available is decreasing but there is no increase in warm. Should we
move it manually? Is it right to do this? Have you implemented a new
solution?