2 Replies Latest reply on Oct 20, 2016 4:02 AM by catdaddy

    ERC Auto Learn

    oswaldd

      Hi

      Having big issues with setting up this ERC 9.6 MR4.  Still no luck.

      My client wants to Auto Learn all the data sources. I have noticed that even with all the Auto Learn set up as '0', it will automatically disable. Then I have to enable it again manually. Sometimes when it refreshes it shows as Enabled. Sometimes when I enable the MEF type, then the Syslog will disable. It's really not consistent all the time. Has anyone experienced this sort of issue, and what's the best way to configure the AUTO LEARN? It's NOT as easy as just enabling the option. ERC does not auto learn most of the time. Also, my client wants to auto learn all the SIEM Collector logs from all Windows boxes. Not working AT ALL.

      Please, can anyone give me some directions?

        • 1. Re: ERC Auto Learn
          vinaya_k

          Hi,

          I'm running v9.6.0 MR5 20160901 and I'm not facing the issue.

          Also, ERC will only autolearn syslog sources, flows, MEF, and Windows only if they are forwarded as MEF or if you're forwarding them as syslog using Snare, or else the receiver won't recognize any Windows devices if you want to use WMI, nor any databases.

          Regards,

          Vinaya.

          • 2. Re: ERC Auto Learn
            catdaddy

            Moved from Community Support > (Siem)> Discussions

            For better assistance

            Cliff

            Moderator

            Consumer Products