0
votes
1
answer
4
views

Why we have to use transactionstring1 for activity related info

Why we have to use transactionstring1 for activity related info
10 hours ago Praful ♦♦126
0
votes
1
answer
17
views

Threat categories

How are the threat categories identified on the left hand side of the main page ?
20 Nov, 19:07 Praful ♦♦126
0
votes
1
answer
17
views

notifications

How are the mail notifications configured on Securonix?
20 Nov, 18:59 Praful ♦♦126
0
votes
1
answer
19
views

Incidents and its status

How are the case status decided for incidents?
20 Nov, 16:28 Praful ♦♦126
0
votes
1
answer
32
views

Bigram Comparator

How does Bigram comparator function under the Correlation rule compare data?
20 Nov, 16:10 anjan ♦♦111
0
votes
1
answer
19
views

LDAP referral settings

What should the LDAP referral settings be? Any recommendations?
20 Nov, 16:04 anjan ♦♦111
0
votes
1
answer
24
views

Enabling Data Clean Up Jobs - 4.6 (Housekeeping)

How do I create a data clean up job to delete old files (files older than 'x' days) on the server in 4.6?
14 Nov, 16:25 Aditya90
0
votes
1
answer
35
views

Experience with McAfee hDLP?

Initiating intelligence efforts are McAfee ePO's host DLP, initially for exfiltration and then expand to include deep-scans for various indicators. After review of data, planning to bring in DLP_EventView's ComputerName, FocusDisplay, EventRowID, EventTypeDisplayName, OriginalEvidenceListSize, Onlin...
14 Nov, 02:21 tgulati ♦♦161
0
votes
1
answer
58
views

How can we convert the logs into a particular time zone from the application in the Resources monitor activity?

How can we convert the logs into a particular time zone from the application in the Resources monitor activity? For example, I have set the EST time zone in my application and the EST time zone in my DB. If I want to convert a particular resource group's logs into UTC, how can I achieve that? Sample Log Feed:- Oct 25 00:11:...
10 Nov, 15:26 Praful ♦♦126
0
votes
3
answers
463
views

Incremental import for MS SQL logs

I am trying to import logs from MS SQL Database incrementally. I have set the Increment field Name as "Date", Type as "Date" and format as "mm/dd/yyyy". But import is not happening incrementally. What is the condition field to be specified for incremental import.
09 Nov, 21:14 Praful ♦♦126
0
votes
1
answer
37
views

net.sf.jasperreports.engine.fill.JRExpressionEvalException while running report

11:35:30,495 ERROR JRFillSubreport:774 - Fill 1: exception net.sf.jasperreports.engine.fill.JRExpressionEvalException: Error evaluating expression : Source text : new java.lang.Integer(1) at net.sf.jasperreports.engine.fill.JREvaluator.evaluateEstimated(JREvaluator.java:308) at net.sf.jasperrepo...
07 Nov, 01:29 adhabale11
0
votes
1
answer
35
views

Enabling Third Party Intelligence based Policies

How do we create policies that use third party intelligence data in Securonix 4.6 for activity logs based policy?
05 Nov, 11:46 Aditya90
0
votes
1
answer
33
views

How to move securonixwarm to another partition

Securonix's database partition is tight on space. Moving securonixwarm to another partition would address the issue.
05 Nov, 11:00 JasonBlue15
0
votes
1
answer
54
views

Can we customize menu in Securonix 4.6?

Can we customize menu in Securonix 4.6?
03 Nov, 00:46 Praful ♦♦126
0
votes
1
answer
384
views

New category is not getting displayed on dashboard

While creating a policy I create new Category. But that New category is not getting displayed on dashboard. I can see threats on threat dashboard.
03 Nov, 00:42 Praful ♦♦126
0
votes
2
answers
64
views

What are the steps to import ArcSight data in Profiler 4.6 ?

How do we configure and import ArcSight CEF data in 4.6?
03 Nov, 00:31 Praful ♦♦126
0
votes
1
answer
57
views

Memory leak warnings or errors during tomcat start up

I am seeing a few memory leak errors / warnings during tomcat start up. The warnings or error messages are one of the following - The web application created a thread local.... thread local forcibly removed. The web application seems to have started a thread named ..... Because of these errors, ...
31 Oct, 03:47 Aditya90
0
votes
1
answer
49
views

No files to import - Arcsight CEF data import - Profiler 4.6

I am trying to import ArcSight CEF data in Profiler 4.6 and the application says that there are no files to import. There are new lines in the input file and the processed file is present in the source directory. How do we resolve this ?
31 Oct, 03:26 Aditya90
0
votes
1
answer
49
views

FileNotFoundException - ArcSight CEF data import ( application looks for the file under conf folder)

I am seeing a file not found exception while importing ArcSight CEF data in 4.6. The application looks for the file under $SECURONIX_HOME/conf/ folder. How do we resolve this?
31 Oct, 03:19 Aditya90
0
votes
2
answers
129
views

SOLR Indexing Error: Lock obtain timed out

There is an error obtained while creating a core in the application. The error is seen in the securonix.log. The error is similar to the one below. 05:18:26,435 DEBUG [ConfigController] saveTPICore - [corecriticality:0.2, mentry:, token_val:a27ff44b-a30e-4d00-87ba-a07348a2c06a, org.codehaus.groovy....
31 Oct, 02:50 anjan ♦♦111
0
votes
1
answer
54
views

How do we connect the application to LDAP using SSL connection ?

What are the pre-requisites for connecting the application to import data from LDAP using SSL Connections?
30 Oct, 13:20 anjan ♦♦111
0
votes
1
answer
43
views

Null Pointer Exception While Importing Data - File Import

Facing null pointer exceptions while importing from a file. The job was a user import job with the employeeID column containing non-null values. 10:33:24,246 ERROR [QuartzJob] Error in job execution: Import-Users-1 com.securonix.application.exception.matcher.MatcherReaderException: ERROR IMPORTING ...
29 Oct, 14:08 Aditya90
0
votes
3
answers
108
views

What is best way to import a watchlist?

Been given a flat file of employee identifiers to be used as one of our watchlists; requirements are for new identifiers to be added to the watchlist on an ad-hoc basis. The watchlist will then be used from a policy to identify risky behavior by any members. What is best way to incorporate a file-b...
23 Oct, 00:07 tgulati ♦♦161
0
votes
2
answers
111
views

Configuration of arcsight preprocessor

I am trying to configure CEF formatted logs in 4.6. Even though I configured the data source as Arcsight (CEF) device, in the logs it's showing me "ArcSight CEF? False" and the arcsight pre-processor is not getting called. Is there any other file where we need to configure this in 4.6?
15 Oct, 14:20 anjan ♦♦111
0
votes
2
answers
76
views

How do I avoid Broken Pipe Error in Securonix.log

How do you avoid Broken Pipe Exceptions which are logged in Securonix.log
15 Oct, 13:34 anjan ♦♦111
0
votes
1
answer
92
views

How does Securonix integrate with Sailpoint ?

How Does Securonix Integrate with Sailpoint ?
15 Oct, 10:30 mnair71
0
votes
1
answer
118
views

Receiving - LDAP NamingException error, Please check the configurations - while importing users.

While importing users, I created a connection type to the AD using LDAP connections. Following were my settings: Hostname ldap://ldap.abc.com:389 Base Context DC=cs,DC=myabc,DC=net Specify the DNS name prefixed with DC. Example: DC=Americas,DC=securonix,DC=com Filter (&(objectCategory=person)(ob...
13 Oct, 22:53 Aditya90
0
votes
1
answer
103
views

unknown host name exception while starting application

I am getting following exception while starting application. 15:44:41,540 WARN [CreateCacheUtil] Error obtaining local Ip java.net.UnknownHostException: labseconix701.int.asurion.lab: labseconix701.int.asurion.lab: Name or service not known at java.net.InetAddress.getLocalHost(InetAddress.java:1473...
08 Oct, 05:21 Praful ♦♦126
1
vote
1
answer
110
views

Clustering Procedure - Master Child Architecture

The following are the steps we followed for setting up Master-Child Architecture. First make sure you have the latest version of Profiler 4.6.8 Build:20140918 and up. After successfully installing the application on all the servers and right before you start up tomcat on the servers do the following...
07 Oct, 07:41 Aditya90
0
votes
1
answer
122
views

getting exception while running suspect check in 4.6

I am getting following exception while running "Account performing activity never conducted before and it flagged wrong user. org.apache.solr.client.solrj.SolrServerException: Server at http://localhost:8080/Profiler/trackingDistinctAccount sent back a redirect (302). at org.apache.solr.client.solr...
02 Oct, 16:41 Praful ♦♦126