
[ES] Endpoint threat events not synchronized to SIP in version 3.5.24 and above.

Problem Description

After ES version 3.5.24 or later is integrated with SIP, some endpoint threats shown in the ES Response Center cannot be found when querying the security logs that ES synchronizes to SIP.

Effective Troubleshooting Steps

Confirm that the ES version is 3.5.24 or higher, and that the only events missing on SIP are the critical endpoint threat events from the Advanced Threat module. If other event types (for example, virus or ransomware detections) are also missing, the cause is different and this article does not apply.

Solution

In versions prior to 3.5.24, the Advanced Threat module mainly consisted of PowerShell execution logs, and those logs are synchronized to SIP.

Starting from version 3.5.24, the Advanced Threat module mainly displays events detected by the IOC and IOA engines. These events are not reported to SIP, so they do not appear in SIP's security logs. This is expected behavior rather than a synchronization fault; review these events directly in the ES Response Center.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=16&type=1&category_id=2857&isOpen=true