Hello, yes, I am aware of the article and double-checked. It isn't the fictitious source IP, but the IP of the antivirus, SIEM, etc.
------------------------------
Sabajete Elezaj
SNT Albania
------------------------------
Original Message:
Sent: 11-20-2019 02:05
From: cezmi çal
Subject: What to suggest to client, for agent throughput optimization?
There is a knowledge base article about the issue. It may be relevant to this. The KB link is https://imperva.my.salesforce.com/kA3D0000000CeE4?popup=true
------------------------------
cezmi çal
technical expert
Barikat Cyber Security
Original Message:
Sent: 11-15-2019 06:16
From: Sabajete Elezaj
Subject: What to suggest to client, for agent throughput optimization?
Will do.
Thank you :)
------------------------------
Sabajete Elezaj
SNT Albania
Original Message:
Sent: 11-14-2019 16:18
From: Phil Klassen
Subject: What to suggest to client, for agent throughput optimization?
That is very strange. The only thing I can think of is that the interface that the IP is using to access the DB is not defined as a data channel under the agent.
The other thing I can think of - this isn't an RDP connection, is it? Those are seen as local connections.
You may need to open a case if neither of those help.
------------------------------
Phil Klassen
Original Message:
Sent: 11-14-2019 06:43
From: Sabajete Elezaj
Subject: What to suggest to client, for agent throughput optimization?
Only IP. I tried in the lab with some process names and paths, but no luck.
------------------------------
Sabajete Elezaj
SNT Albania
Original Message:
Sent: 11-13-2019 12:08
From: Phil Klassen
Subject: What to suggest to client, for agent throughput optimization?
Was there any other match criteria besides IP?
------------------------------
Phil Klassen
Original Message:
Sent: 11-13-2019 10:18
From: Sabajete Elezaj
Subject: What to suggest to client, for agent throughput optimization?
Agent Criteria Rules do not seem to work. The client still gets events from the excluded IP; tried in the lab also. :/
------------------------------
Sabajete Elezaj
SNT Albania
Original Message:
Sent: 11-13-2019 08:46
From: Phil Klassen
Subject: What to suggest to client, for agent throughput optimization?
Yes, if you look at the AMRs you will see the first few are agent criteria rules. This means the agent can make the decision to exclude without needing the GW to make the decision. These are the most effective. The main suspects for excessive traffic are DB maintenance jobs - if we can isolate the source you might be able to configure the source IP or process ID. Anyway, the agent criteria rules are the most effective.
------------------------------
Phil Klassen
Original Message:
Sent: 11-13-2019 07:06
From: Sabajete Elezaj
Subject: What to suggest to client, for agent throughput optimization?
The client wants to decrease the throughput of agent - gateway traffic. Even with agent monitoring rules, the agent sends data to the gateway for a decision. Any suggestions?
#DatabaseActivityMonitoring
------------------------------
Sabajete Elezaj
SNT Albania
------------------------------