[Cyber Command] Lateral access analysis is empty

Problem Description

Lateral access analysis and normal external access show no data, even though the device has been deployed for several months.

Effective troubleshooting steps

  1. Search the logs for external and lateral access data. Very little data is returned.
  2. Confirm that all network traffic directions are selected in the log configuration, that no corresponding whitelist is configured, and that only unclassified assets are selected for asset filtering.

Root cause

  1. The STA is connected to Cyber Command in standard mode, and the normal access log option is not selected (both normal external access and normal lateral access are extracted from the network traffic logs in log retrieval for analysis).

Solution

Select the normal access traffic option.

Suggestions and Conclusion

When normal access traffic is selected, the log volume will increase significantly, and the STA and platform performance need to be considered.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=24&type=1&category_id=9903&isOpen=true