0 votes, 1 answer, 156 views

How to fix Splunk connection Error? ["No appropriate protocol (Protocol is disabled or cipher suites are inappropriate)"]

For some users, Splunk integration may not work out of the box. Java 1.7 (which powers Tomcat, and Securonix) has SSL disabled by default. This results in the following error while attempting to connect to Splunk in Securonix: No appropriate protocol (protocol is disabled or cipher suites are inappr...
29 Jul, 11:50 aravind25
0 votes, 1 answer, 697 views

What are the most common installation problems encountered?

A partial list of things I've seen: 1. Java JDK not supported - Currently 1.7.0u51 works, however 1.7.0.55 fails. 2. Schema exists, but not all MySQL scripts complete (no data or upgrade file run) 3. JAVA_HOME variable not defined, or not set correctly 4. The password for the DB not specified/in...
14 Jul, 12:02 bhanureddy15
0 votes, 0 answers, 103 views

What is the use of Configure > Settings > Holidays?

Hi, what is the use of the Configure > Settings > Holidays option in RTI 4.6, and where/how can we implement it (e.g. in Policy Violation, Behaviour Outlier, etc.)?
14 Jul, 07:56 sunil15
0 votes, 0 answers, 108 views

How to import events from Windows 7 into RTI 4.6?

Hi, how can we make a direct connection to import events like System, Application, Security (one at a time, e.g. Security events only) from Windows 7 into RTI 4.6 without a domain controller (i.e. Windows 7 in a WORKGROUP)?
14 Jul, 06:33 sunil15
0 votes, 1 answer, 166 views

How to enable MySQL replication

How to enable MySQL replication
25 Jun, 10:44 Praful ♦♦126
0 votes, 1 answer, 157 views

How should I enable single sign-on (SSO) in Securonix?

How should I enable single sign-on (SSO) in Securonix?
19 Jun, 09:10 Praful ♦♦126
0 votes, 0 answers, 131 views

Securonix trial request

Hey guys, I am working on a Securonix project and need to learn by doing some research, for which I need a trial version of the Securonix web platform to install in my homelab. I am unable to download it from the community page as it is asking for an account and I am unable to register an account. Requesting your k...
17 Jun, 08:54 bedantmishra15
0 votes, 1 answer, 219 views

Watchlist functionality and usage

Can someone share their experience working with the watchlists, what exactly happens when users are added to a watchlist? I am in need of giving the security analysts (who do not have admin privileges in Securonix) the ability to update watchlists. The analysts want to assign a high risk score to ce...
27 Apr, 15:44 mnair71
0 votes, 3 answers, 1.3k views

UniversalForwarder freezes after java.lang.OutOfMemoryError: GC overhead limit exceeded

We're finding the UniversalForwarder (UL) freezes up after Java garbage collection out of memory errors. Our current Java command line to start UL is as follows: java -jar $SECURONIX_HOME/agent/UniversalForwarder.jar -server -Xms16g -Xmx20g -XX:+UseG1GC -XX:MaxPermSize=512m -XX:+AggressiveOpts -XX:+...
22 Apr, 16:03 Aditya90
0 votes, 1 answer, 213 views

Migrating exploded Profiler.war from webapps to another Tomcat server.

How to migrate the exploded Profiler.war (Profiler folder) from webapps to another server's webapps folder?
21 Apr, 21:20 AKadakia15
0 votes, 1 answer, 2.8k views

Top N charts are not getting displayed on master child architecture

I have created a datasource and enabled top N charts. The datasource is configured on the child node. I have imported activities, but the top N chart is showing a 'No data to display' message. How can I resolve this?
01 Apr, 03:08 Praful ♦♦126
0 votes, 1 answer, 304 views

Users are not getting synced with child nodes

I configured a master child architecture, but users are not getting synced with child nodes. How can I debug this?
01 Apr, 03:02 Praful ♦♦126
0 votes, 1 answer, 395 views

Uncorrelated User Account Status = "Suspended"

We imported access entitlements for various applications in GE Capital, but some apps have uncorrelated users whose Account Status = "Suspended." Other uncorrelated users in that same app have Account Status = "Active." What does this mean exactly, and how is Securonix pulling this information when ...
01 Apr, 02:00 Praful ♦♦126
0 votes, 3 answers, 492 views

Tracking identity enablement/disablement

In our identity feed, we have a flag indicating if userid is enabled or disabled. I want changes to this flag's state to affect the user table's dateenabled and datedisabled fields. I could do it via a scheduled SQL function on the server side, such as check flag status and if current state's time s...
18 Mar, 15:43 JasonBlue17
0 votes, 5 answers, 827 views

What is best way to import a watchlist?

Been given a flat file of employee identifiers to be used as one of our watchlists; requirements are for new identifiers to be added to the watchlist on an ad-hoc basis. The watchlist will then be used from a policy to identify risky behavior by any members. What is best way to incorporate a file-b...
12 Mar, 18:45 JasonBlue17
0 votes, 0 answers, 225 views

Unchanged terminated users records are updated upon each import

What would cause virtually every terminated user's record to be updated on each import even though no changes were made in the source data, and how to correct? Problem details: Upon every user import, over 26K users are reported as having been updated. However, the source data show that all but a fe...
12 Mar, 17:48 JasonBlue17
0 votes, 1 answer, 305 views

How to update configuration of child node

I noticed a time difference between imported activity and the actual time of the event. I have to change the time zone of the child node. Can I do this from the Master?
28 Feb, 09:21 mnair71
0 votes, 1 answer, 305 views

Control user sync process

How can I control the sync process in Master? I would like to run the sync user job only once in 3 hours.
28 Feb, 09:18 mnair71
0 votes, 3 answers, 812 views

How to archive data in Securonix?

How can I archive data in Securonix?
28 Feb, 09:13 mnair71
0 votes, 2 answers, 289 views

Incremental import from DB

Hi, I’m trying to build an incremental upload for events on another data source. I wrote the following query for the import in order to have only the first 30 seconds – select * from cartis.CARDS_MESSAGES_RO4 where timestamp_peula > to_date('01-jan-2015 00:00:00', 'DD-MON-YYYY HH24:MI:SS') and timestamp...
26 Feb, 03:35 acohen15
0 votes, 2 answers, 742 views

Upgrade Securonix

How to upgrade/update Securonix to the latest version. Our current version is 4.0b Build:20121102
02 Feb, 06:36 Praful ♦♦126
0 votes, 1 answer, 372 views

Can I install Securonix on a box running OpenJDK?

Hi, I have a test box running on Ubuntu 12.04. I spent some time searching how to install Oracle’s JDK (as it is only available from a PPA). I'm just curious and I did not try it, but does Securonix support OpenJDK? Cheers,
01 Feb, 04:57 tgulati ♦♦196
0 votes, 0 answers, 292 views

What does the lock symbol do under "User Defined Policies"?

Some User Defined Policies have the lock symbol next to them. What is the purpose of the symbol, and can they be locked?
07 Jan, 21:43 jmcnary15
0 votes, 1 answer, 418 views

Procedure for handling temp or ._ files in war and tomcat directory

We see ._<filename> under various folders in the tomcat directory and the Profiler War directory. What is the recommended procedure to deal with these files? Should we delete them or do nothing?
19 Dec '14, 18:06 anjan ♦♦111
0 votes, 1 answer, 1.4k views

How to run incremental behavior based outliers in 4.6.10?

Running the behavior based activity outliers has been made pretty simple in Securonix. Instead of choosing start date and end date, the first job itself can be run as incremental. In the start date option, choose the date from which you want to run the behavior outliers. E.g., choosing the start date ...
14 Dec '14, 22:47 Praful ♦♦126
0 votes, 1 answer, 412 views

Support for International Languages

How to enable support for Hebrew and Japanese languages in Securonix?
06 Dec '14, 15:13 Praful ♦♦126
0 votes, 1 answer, 670 views

Bigram Comparator

How does the Bigram comparator function under the Correlation rule compare data?
04 Dec '14, 20:17 tgulati ♦♦196
0 votes, 1 answer, 396 views

Why do we have to use transactionstring1 for activity-related info?

Why do we have to use transactionstring1 for activity-related info?
25 Nov '14, 22:08 Praful ♦♦126
0 votes, 1 answer, 390 views

Threat categories

How are the threat categories identified on the left-hand side of the main page?
20 Nov '14, 19:07 Praful ♦♦126
0 votes, 1 answer, 373 views

Notifications

How are the mail notifications configured on Securonix?
20 Nov '14, 18:59 Praful ♦♦126