IBM Guardium

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  Active Threat Analytics Setup Troubleshooting

    Posted Wed August 05, 2020 01:08 PM
    Hi all,

    I'm unable to view data on the Investigation Dashboard in order to view cases from the Active Threat Analytics feature. No data is shown on the Investigation Dashboard on the Central Manager, but data does appear on each of the Managed Units. From the Active Threat Analytics Setup page, the Analysis Status column is orange for the Central Manager and states that "Data not arrived". Any help for this issue would be greatly appreciated! 

    Thank you,

    ------------------------------
    Nathaniel Dobesh
    ------------------------------


  • 2.  RE: Active Threat Analytics Setup Troubleshooting

    Posted Sun August 09, 2020 03:13 AM
    Hi Nathaniel ,

    Thank you for the question.

    On the Active Threat Analytics (ATA) setup page, the orange status with the note "Data not arrived" means that the collectors that export data to the CM (as an aggregator) didn't send any data for the outliers analysis. If the collectors have activity on them, please check that the dates are set correctly on the CM and the collectors.
    Are there any other collectors managed by the CM that do not export data to the CM? Are there other aggregators?

    Regarding the investigation dashboard - is the issue related only to the ATA? i.e. do you see any data in the investigation dashboard on the CM?

    Regards,


    ------------------------------
    MIRI LEVY
    ------------------------------



  • 3.  RE: Active Threat Analytics Setup Troubleshooting

    Posted Tue August 11, 2020 10:00 AM
    Hello Miri,

    Thank you for your response! If I were to check the dates on these systems, how would I best go about doing that? There are a total of three Collectors managed by 1 Collector/Aggregator. Also I do not see data in the Investigation Dashboard on the Central Manager. I do see data on the Investigation dashboard on all Collectors. 

    Thank you,

    ------------------------------
    Nathaniel Dobesh
    ------------------------------



  • 4.  RE: Active Threat Analytics Setup Troubleshooting

    Posted Wed August 12, 2020 07:44 AM
    To see the time zone and time settings on a Guardium appliance, use the CLI commands:
    show system clock datetime
    show system clock timezone

    It is recommended to configure NTP - look in the manuals for how this is done.
    If the collectors and CM are not on the same time, it can cause the other issue: data you see on a collector for "Last 1 hour" will show on the CM with different time criteria.
    Please set the time configuration first and then see.

    ------------------------------
    GUY GALIL
    ------------------------------



  • 5.  RE: Active Threat Analytics Setup Troubleshooting

    Posted Wed August 12, 2020 01:18 PM
    Hello,

    I checked the time and date settings on all Guardium appliances using the commands shown above. It appears that all appliances have the same date, time, and time zone configured correctly. Additionally, all systems are configured to use NTP already. 

    Thank you,

    ------------------------------
    Nathaniel Dobesh
    ------------------------------



  • 6.  RE: Active Threat Analytics Setup Troubleshooting

    Posted Wed August 12, 2020 03:06 PM
    Next step to diagnose QS would be:
    1. On the CM's CLI run: cli>grdapi test_solr
       Please post the file generated.
    2. On the CM's CLI run: cli>support show port open <collector's ip> 8983
       Port needs to be open.
    3. On the collector's CLI run:
       cli>support show port open <CM's ip> 8983
       cli>support show port open <CM's ip> 9983
       Ports should be open.

    ------------------------------
    GUY GALIL
    ------------------------------



  • 7.  RE: Active Threat Analytics Setup Troubleshooting

    Posted Wed August 12, 2020 05:42 PM

    For some reason I'm unable to upload files to this post. I will attempt to upload the key parts of that file here for your review.

    Each MU has this status:

    "unitType": "MU",
    "success": false,
    "description": "SSL exception was logged.",
    "recommendation": "Run CLI command support must_gather datamining_issues and contact Technical Support with the results."

    The CM has this status:

    "success": false,
    "description": "Collections created not properly.",
    "recommendation": "Run CLI command support must_gather datamining_issues and contact Technical Support with the results."

    As for the port-related questions, all collectors and the CM show an output similar to this one for both port 8983 and 9983:

    support show port open <CM_IP> 9983
    Ncat: Version 7.50 ( https://nmap.org/ncat )
    Ncat: Connected to <CM_IP>:9983.
    Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
    ok



    ------------------------------
    Nathaniel Dobesh
    ------------------------------
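As an added example (not code from the thread, and not IBM Guardium tooling), the script below parses a test_solr-style status file like the one quoted above and groups the failing units by type, so an operator can see at a glance which managed units and which CM-side checks failed and which recommended actions are distinct. The thread only shows four fields per unit ("unitType", "success", "description", "recommendation"); the surrounding layout of the real file is not shown, so the "units" list wrapper and the "unit" hostname field are assumptions, and the sample data is constructed from the fragments in the posts above.

```python
"""Summarise a test_solr-style JSON status report (added example, not from
the thread and not IBM's own code). Only the fields "unitType", "success",
"description" and "recommendation" come from the thread; the "units" wrapper
and the "unit" name field are assumptions about the file layout."""
import json
from collections import defaultdict

# The recommendation string quoted verbatim in the thread.
MUST_GATHER = ("Run CLI command support must_gather datamining_issues "
               "and contact Technical Support with the results.")

# Constructed sample report shaped after the fragments quoted in the thread:
# the CM fails with "Collections created not properly.", two MUs log an SSL
# exception, and one MU is healthy. Hostnames are placeholders.
SAMPLE_REPORT = json.dumps({
    "units": [
        {"unit": "cm.example.internal", "unitType": "CM", "success": False,
         "description": "Collections created not properly.",
         "recommendation": MUST_GATHER},
        {"unit": "mu1.example.internal", "unitType": "MU", "success": False,
         "description": "SSL exception was logged.",
         "recommendation": MUST_GATHER},
        {"unit": "mu2.example.internal", "unitType": "MU", "success": False,
         "description": "SSL exception was logged.",
         "recommendation": MUST_GATHER},
        {"unit": "mu3.example.internal", "unitType": "MU", "success": True,
         "description": "Collection is healthy.", "recommendation": ""},
    ]
})


def parse_units(text):
    """Return the list of unit entries, accepting either a bare JSON list or
    an object with a "units" key (the wrapper key is an assumption)."""
    doc = json.loads(text)
    if isinstance(doc, list):
        return doc
    if isinstance(doc, dict) and isinstance(doc.get("units"), list):
        return doc["units"]
    raise ValueError("report contains no unit list")


def failures_by_type(text):
    """Group every entry whose "success" is false by unitType.

    Result: {"CM": [(unit, description), ...], "MU": [...]}; unit types
    without failures are absent from the dict."""
    grouped = defaultdict(list)
    for entry in parse_units(text):
        if entry.get("success") is False:
            grouped[entry.get("unitType", "UNKNOWN")].append(
                (entry.get("unit", "?"), entry.get("description", "")))
    return dict(grouped)


def distinct_recommendations(text):
    """Unique, non-empty recommendation strings across failing entries, so
    each required action is listed once even when every unit repeats it."""
    recs = []
    for entry in parse_units(text):
        rec = entry.get("recommendation", "").strip()
        if entry.get("success") is False and rec and rec not in recs:
            recs.append(rec)
    return recs


def needs_must_gather(text):
    """True when any failing entry asks for the datamining must_gather."""
    return any("must_gather datamining_issues" in r
               for r in distinct_recommendations(text))


def summary(text):
    """One line per failing unit, then one line per distinct action.
    Returned as a string so it can be logged or attached to a support case."""
    failures = failures_by_type(text)
    lines = [f"{unit_type} {unit}: {desc}"
             for unit_type in sorted(failures)
             for unit, desc in failures[unit_type]]
    if not lines:
        lines.append("all units report success")
    lines.extend(f"action: {rec}" for rec in distinct_recommendations(text))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary(SAMPLE_REPORT))
```

Run it against the file that `grdapi test_solr` produced (after confirming its real layout) instead of the constructed sample; the grouped view makes it obvious whether every MU shares the same failure, which is the pattern reported in this thread, or whether only a subset is affected.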