0
votes
1
answer
50
views

Watchlist functionality and usage

Can someone share their experience working with the watchlists, what exactly happens when users are added to a watchlist? I am in need of giving the security analysts (who do not have admin privileges in Securonix) the ability to update watchlists. The analysts want to assign a high risk score to ce...
27 Apr, 15:44 mnair71
0
votes
3
answers
71
views

UniversalForwarder freezes after java.lang.OutOfMemoryError: GC overhead limit exceeded

We're finding the UniversalForwarder (UL) freezes up after Java garbage collection out of memory errors. Our current Java command line to start UL is as follows: java -jar $SECURONIX_HOME/agent/UniversalForwarder.jar -server -Xms16g -Xmx20g -XX:+UseG1GC -XX:MaxPermSize=512m -XX:+AggressiveOpts -XX:+...
22 Apr, 16:03 Aditya90
0
votes
1
answer
45
views

Migrating exploded Profiler.war from webapps to another Tomcat server.

How to migrate the exploded Profiler.war (Profiler folder) from webapps to another server's webapps folder?
21 Apr, 21:20 AKadakia15
0
votes
1
answer
156
views

top N charts are not getting displayed on master child architecture

I have created a datasource and enable top N charts . Datasource is configured on Child node. I have imported activities but top N chart showing 'No data to display' message on chart. How can I resolve this?
01 Apr, 03:08 Praful ♦♦126
0
votes
1
answer
147
views

users are not getting synced with child nodes

I configured master child architecture, But Users are not getting synced with child nodes? How can I debug this?
01 Apr, 03:02 Praful ♦♦126
0
votes
1
answer
229
views

Uncorrelated User Account Status ="Suspended"

We imported access entitlements for various applications in GE Capital, but some apps have uncorrelated users whose Account Status = "Suspended." Other uncorrelated users in that same app have Account Status = "Active." What does this mean exactly, and how is Securonix pulling this information when ...
01 Apr, 02:00 Praful ♦♦126
0
votes
3
answers
288
views

Tracking identity enablement/disablement

In our identity feed, we have a flag indicating if userid is enabled or disabled. I want changes to this flag's state to affect the user table's dateenabled and datedisabled fields. I could do it via a scheduled SQL function on the server side, such as check flag status and if current state's time s...
18 Mar, 15:43 JasonBlue17
0
votes
5
answers
574
views

What is best way to import a watchlist?

Been given a flat file of employee identifiers to be used as one of our watchlists; requirements are for new idenitifiers to be added to the watchlist on an ad-hoc basis. The watchlist will then be used from a policy to identify risky behavior by any members. What is best way to incorporate a file-b...
12 Mar, 18:45 JasonBlue17
0
votes
0
answers
91
views

Unchanged terminated users records are updated upon each import

What would cause virtually every terminated user's record to be updated on each import even though no changes were made in the source data, and how to correct? Problem details: Upon every user import, over 26K users are reported as having been updated. However, the source data show that all but a fe...
12 Mar, 17:48 JasonBlue17
0
votes
1
answer
160
views

how to update configuration of child node

I noticed time difference between imported activity and actual time of event. I have to change time zone of Child node. Can I do this from Master?
28 Feb, 09:21 mnair71
0
votes
1
answer
162
views

Control user sync process

How can I control sync process in Master? I would like to run sync user job only once in 3 hours.
28 Feb, 09:18 mnair71
0
votes
3
answers
564
views

How to archive data in Securonix?

How can I archive data in Securonix.
28 Feb, 09:13 mnair71
0
votes
2
answers
131
views

incremental import from DB

Hi, I’m trying to build an incremental upload for events on other data source I wrote the following query for the import in order to have only first 30 seconds – select * from cartis.CARDS_MESSAGES_RO4 where timestamp_peula > to_date('01-jan-2015 00:00:00', 'DD-MON-YYYY HH24:MI:SS') and timestamp...
26 Feb, 03:35 acohen15
0
votes
2
answers
507
views

Upgrade Securonix

How to upgrade/update Securonix to the latest version. Our current version is 4.0b Build:20121102
02 Feb, 06:36 Praful ♦♦126
0
votes
1
answer
181
views

Can I install Securonix on a box running OpenJDK?

Hi, I have a of test box running on Ubuntu 12.04. I spent some time searching how to install Oracle’s JDK (as it is only available from a PPA). I'm just curious and I did not try it but, does Securonix support OpenJDK? Cheers,
01 Feb, 04:57 tgulati ♦♦196
0
votes
0
answers
172
views

What does the lock symbol do under "User Defined Policies"?

Some User Defined Policies have the lock symbol next to them, what is the purpose of the symbol and can they be locked?
07 Jan, 21:43 jmcnary15
0
votes
1
answer
223
views

Procedure for handling temp or ._ files in war and tomcat directory

We see ._<filename> under various folders in tomcat directory and Profiler War directory. What is the recommended procedure to deal with these files. Should we delete them or do nothing
19 Dec '14, 18:06 anjan ♦♦111
0
votes
1
answer
1.3k
views

How to run incremental behavior based outliers in 4.6.10?

Running the behavior based activity outliers has been made pretty simple in Securonix. Instead of choosing start date and end date, the first job itself can be run as incremental. In the start date option, choose the date from which you want to run the behavior outliers. Eg, choosing the start date ...
14 Dec '14, 22:47 Praful ♦♦126
0
votes
1
answer
257
views

Support for International Languages

How to enable support for Hebrew and Japanese language in Securonix.
06 Dec '14, 15:13 Praful ♦♦126
0
votes
1
answer
356
views

Bigram Comparator

How does Bigram comparator function under the Correlation rule compare data?
04 Dec '14, 20:17 tgulati ♦♦196
0
votes
1
answer
242
views

Why we have to use transactionstring1 for activity related info

Why we have to use transactionstring1 for activity related info
25 Nov '14, 22:08 Praful ♦♦126
0
votes
1
answer
251
views

Threat categories

How are the threat categories identified on the left hand side of the main page ?
20 Nov '14, 19:07 Praful ♦♦126
0
votes
1
answer
217
views

notifications

How are the mail notification configured on securonix?
20 Nov '14, 18:59 Praful ♦♦126
0
votes
1
answer
215
views

Incidents and its status

How are the case status decided for incidents?
20 Nov '14, 16:28 Praful ♦♦126
0
votes
1
answer
286
views

LDAP referral settings

What should the LDAP referral settings be. any recommendations?
20 Nov '14, 16:04 anjan ♦♦111
0
votes
1
answer
335
views

Enabling Data Clean Up Jobs - 4.6 (Housekeeping)

How do I create a data clean up job to delete old files (files older than 'x' days) on the server in 4.6?
14 Nov '14, 16:25 Aditya90
0
votes
1
answer
300
views

Experience with McAfee hDLP?

Initiating intelligence efforts are McAfee ePO's host DLP, initially for exfiltration and then expand to include deep-scans for various indicators. After review of data, planning to bring in DLP_EventView's ComputerName, FocusDisplay, EventRowID, EventTypeDisplayName, OriginalEvidenceListSize, Onlin...
14 Nov '14, 02:21 tgulati ♦♦196
0
votes
1
answer
8.1k
views

How can we convert the logs in to particular time zone from application in the Resources monitor activity?

How can we convert the logs in to particular time zone from application in the Resources monitor activity? like i have set EST Time ZONE in my application and EST time zone in my db if i want to convert particular resource groups logs in to UTC how i can achieve that? Sample Log Feed:- Oct 25 00:11:...
10 Nov '14, 15:26 Praful ♦♦126
0
votes
3
answers
721
views

Incremental import for MS SQL logs

I am trying to import logs from MS SQL Database incrementally. I have set the Increment field Name as "Date", Type as "Date" and format as "mm/dd/yyyy". But import is not happening incrementally. What is the condition field to be specified for incremental import.
09 Nov '14, 21:14 Praful ♦♦126
0
votes
1
answer
944
views

net.sf.jasperreports.engine.fill.JRExpressionEvalException while running report

11:35:30,495 ERROR JRFillSubreport:774 - Fill 1: exception net.sf.jasperreports.engine.fill.JRExpressionEvalException: Error evaluating expression : Source text : new java.lang.Integer(1) at net.sf.jasperreports.engine.fill.JREvaluator.evaluateEstimated(JREvaluator.java:308) at net.sf.jasperrepo...
07 Nov '14, 01:29 adhabale11
posts per page153050