05-13-2014 01:40 AM - edited 03-10-2019 06:11 AM
I have query on Global correlation.
Following is the observed behavior
Scenario 1:
Global Correlation Inspection: ON (Standard)
Reputation Filter: ON
Result: Global correlation downloads in bytes or KBs (observed on proxy)
Scenario 2:
Global Correlation Inspection: OFF
Reputation Filter: ON
Result: Global correlation downloads 4-5 MB every 5 Minutes (observed on proxy)
This behavior has been observed on both IPS devices one by one. What we wanted the clarity on is why is does global correlation download so much of data when it is OFF, and downloads only minimal data when ON. The equation does not seem to be right.
Request you for your prompt response.
Regards,
Neal
05-21-2014 11:14 PM
Request forum member to please help on the question..
Any help is welcome..
Regards,
Neal
05-27-2014 10:23 AM
Both global correlation and reputation filtering retrieve updates from the SensorBase network, or IronPort. By default, they communicate with the network every five minutes. This value cannot be changed by the IPS administrator.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide