Solved: Anomaly Detection

Diego Armando Cambronero Arias · ‎02-09-2010

Guys,

I need to create my KB because the current is very very old ( 09:59:59 GMT-06:00 Tue Sep 22 2009 ) When I try to save it manually with the command

anomaly-detection vs0 save MYKB I get an error that says: Attack in progress

I need to create a new KB and load it because the Rotate methot is not working since the last KB is very old. I thisk it's not working because there is an attack ALWAYS.

Can I save a load a KB file manually even if there is an attack in progress?

If not, How can I fix my problem

Thanks,

DiegoCR CCSP

johan.kellerman · ‎02-09-2010

Hi Diego

You can fix this by:

Turn the anomaly detection off (operational-mode inactive)
Erase/copy/load the files you need and start the anomaly detection or preferably put the sensor in learning accept mode (operational-mode learn) and wait for 24 hours.

Br

Johan Kellerman

View solution in original post

johan.kellerman · ‎02-09-2010

Hi Diego

You can fix this by:

Turn the anomaly detection off (operational-mode inactive)
Erase/copy/load the files you need and start the anomaly detection or preferably put the sensor in learning accept mode (operational-mode learn) and wait for 24 hours.

Br

Johan Kellerman

Diego Armando Cambronero Arias · ‎02-09-2010

Thank you very much. I just release that I'm seeing unidirectional traffic so I will turn AD off.