Accumulation of SQL timeout events caused by a third-party SIEM application
Last Modified: 2022-08-05 12:08:11 Etc/GMT
Technical Articles ID: KB86572
Environment
ePolicy Orchestrator (ePO) 5.x
Problem
There's a large accumulation of events in the
You frequently find the following errors in the Event Parser logs:
The above are all generic SQL timeout events that can have many possible causes.
System Change
You integrated a third-party Security Information and Event Management (SIEM), such as
Cause
The SIEM has a persistent lock on one or more event tables in the ePO database. On a busy ePO server, these tables are constantly being written to. So, a short-term lock can result in many events getting backlogged in the ePO installation directory.
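To confirm which connection is holding the lock while events are backlogged, a check like the following can be run on the SQL Server instance that hosts the ePO database. It is an added example, not part of the original article or a vendor-supplied script; the database name is a placeholder, and it assumes SQL Server 2012 or later and a login with VIEW SERVER STATE permission.

```sql
-- Added diagnostic example. [YOUR_EPO_DATABASE] is a placeholder for the
-- name of your ePO database.
USE [YOUR_EPO_DATABASE];

-- 1. Requests that are blocked right now, and the session blocking each one.
--    Joining to sys.dm_exec_sessions (not requests) means an idle blocker,
--    sleeping with an open transaction, is still reported.
SELECT
    r.session_id                    AS blocked_session_id,
    r.wait_type,
    r.wait_time                     AS wait_time_ms,
    r.wait_resource,
    r.blocking_session_id,
    blocker.program_name            AS blocker_program,
    blocker.host_name               AS blocker_host,
    blocker.login_name              AS blocker_login,
    blocker.status                  AS blocker_status,
    blocker.open_transaction_count  AS blocker_open_tran,
    blocker.last_request_start_time AS blocker_last_request,
    blocker_sql.text                AS blocker_last_statement
FROM sys.dm_exec_requests AS r
JOIN sys.dm_exec_sessions AS blocker ON blocker.session_id = r.blocking_session_id
LEFT JOIN sys.dm_exec_connections AS c ON c.session_id = r.blocking_session_id
OUTER APPLY sys.dm_exec_sql_text(c.most_recent_sql_handle) AS blocker_sql
WHERE r.database_id = DB_ID()
  AND r.blocking_session_id > 0      -- negative ids are not real sessions
ORDER BY r.wait_time DESC;

-- 2. Tables on which those blocking sessions currently hold granted locks.
SELECT DISTINCT
    l.request_session_id AS session_id,
    s.program_name,
    s.host_name,
    CASE WHEN l.resource_type = 'OBJECT'
         THEN OBJECT_NAME(l.resource_associated_entity_id)  -- entity is an object_id
         ELSE OBJECT_NAME(p.object_id)                      -- entity is a hobt_id
    END                  AS table_name,
    l.request_mode
FROM sys.dm_tran_locks AS l
JOIN sys.dm_exec_sessions AS s ON s.session_id = l.request_session_id
LEFT JOIN sys.partitions AS p
    ON l.resource_type IN ('PAGE', 'KEY', 'RID', 'HOBT')
   AND p.hobt_id = l.resource_associated_entity_id
WHERE l.resource_database_id = DB_ID()
  AND l.resource_type IN ('OBJECT', 'PAGE', 'KEY', 'RID', 'HOBT')
  AND l.request_status = 'GRANT'
  AND l.request_session_id IN (SELECT blocking_session_id
                               FROM sys.dm_exec_requests
                               WHERE blocking_session_id > 0);
```

A blocker whose program, host or login identifies the SIEM collector, and whose locks sit on an event table, matches the cause described above and gives the SIEM vendor concrete session details to work from.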
Solution
By design, if an event fails to parse because of an SQL timeout error, it's requeued and tried again. If the problem is persistent, you must contact the vendor for the SIEM for further assistance. This article doesn't apply in either of the following scenarios: