oswaldd
Level 7

ERC Auto Learn

Hi

Having big issues with setting up this ERC 9.6 MR4.  Still no luck.

My client wants to Auto Learn all the data sources. I have noticed that even with all the Auto Learn set up as '0', it will automatically disable. Then I have to enable it again manually. Sometimes when it refreshes it shows as Enabled. Sometimes when I enable the MEF type, the Syslog will disable. It is really not consistent all the time. Has anyone experienced this sort of issue, and what's the best way to configure AUTO LEARN? It's NOT as easy as just enabling the option. ERC does not auto learn most of the time. Also, my client wants to auto learn all the SIEM Collector logs from all Windows boxes. Not working AT ALL.

Please, can anyone give me some directions?

0 Kudos
2 Replies
vinaya_k
Level 9

Re: ERC Auto Learn

Hi,

I'm running v9.6.0 MR5 20160901 and I'm not facing the issue.

Also, ERC will only autolearn syslog sources, flows, MEF, and Windows only if they are forwarded as MEF or if you're forwarding them as syslog using Snare; otherwise the receiver won't recognize any Windows devices if you want to use WMI, nor any databases.

Regards,

Vinaya.

0 Kudos
catdaddy
Level 20

Re: ERC Auto Learn

Moved from Community Support > (Siem)> Discussions

For better assistance

Cliff

Moderator

Consumer Products

Cliff
McAfee Volunteer
0 Kudos