This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

ESA Alerts Graph shows Unevenly

pranavsankar1
Beginner
Beginner

‎2016-06-01 10:57 AM

Hi All,

 

According to our SA setup we have two locations say A and B(Recovery). The Alerts in location A gave the same output with location B with small-scale time difference say 5-10 mts. But when i checked in both locations the ESA Alerts graph shows unevenly. What could be the possible reasons and what all ways i can troubleshoot the same??

 

Thanks in advance

 

Pranav

0 Likes
5 REPLIES 5

DavidWaugh1
Employee
Employee

‎2016-06-02 06:13 AM

Hi could you post a screenshot of the graphs from both sites so we can compare.

 

I would check that the times on all systems are in synched to the same NTP source.

0 Likes

pranavsankar1
Beginner
Beginner

‎2016-06-02 09:16 AM

Hi Dave ,

 

I have taken the time stamps for both graphs as half an hour.Eventhough i can see slightly difference for both.

PFB screen shot.

Location  A

pastedImage_6.png

 

Location B

 

pastedImage_5.png

0 Likes

DavidWaugh1
Employee
Employee
In response to pranavsankar1

‎2016-06-02 09:46 AM

Have you got exactly the same rules deployed on both system?

Are the same concentrators feeding into to both systems?

0 Likes

pranavsankar1
Beginner
Beginner
In response to DavidWaugh1

‎2016-06-02 10:13 AM

Yes dave for different locations we have deployed same rules only .

Nope we have different concentrators feeding for both locations.

0 Likes

DavidWaugh1
Employee
Employee

‎2016-06-02 12:06 PM

I would check in investigator that the same traffic is going through both concentrators. Different traffic is going to produce different results in ESA.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.