Enterprise Security Manager doesn't receive logs from the ePO Database after you upgrade to 5.10 or later
Last Modified: 2022-11-22 09:56:59 Etc/GMT
Technical Articles ID: KB91712
Environment
SIEM Enterprise Security Manager 11.x
ePolicy Orchestrator (ePO) 5.10 or later
Problem
When you upgrade your ePO server to 5.10 or later, SIEM no longer receives or displays events from ePO.
Cause
In ePO 5.10, the database is split and a new
Solution
Make sure that the SQL user that you're using to connect to the ePO database has read permissions on the
IMPORTANT: Continue to configure SIEM to connect to the full ePO database. If you configure SIEM to connect directly to the