FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 190432

Description

Summary of Topic

This article describes a common issue in which Snare Epilog sends excessive events to AO.

When Snare Epilog is used to collect DHCP event logs from a Windows 2012 server, an excessive number of events per hour may be sent to AO. This behavior is abnormal, especially in an environment with low traffic.

Solution

This behavior is currently a bug in Snare Epilog version 1.6.

To resolve this issue, the recommended version at this time is 1.5.6.1.

Additional Information

N/A

 

Version Application

All



 