3 Replies Latest reply on May 18, 2015 10:21 AM by poezie

    Dashboard or Report for data sources and child data sources not communicating into the SIEM ESM




      Has anyone been able to figure out how to report or create a dashboard to view all parent or child data sources who no longer are communicating into the ESM ?


      We have 1000's of MS Windows systems reporting into the ESM using the Windows event collection agent and at times even though the service continues to run the communication between the agent and the ERC fails.


      I know that a yellow flag shows up on the data source but there are lots of false positives when using child data sources, also if you have 1000's of agents spread around in the ESM getting a consolidated view of these broken agents would be an asset in resolving the issues


      Please help!