
Cisco IPS (global correlation) is downloading lots of updates from the iron-port website

anil.gupta3
Level 1

I have a query on Global Correlation.
 
The following is the observed behavior:
 
Scenario 1:
 
Global Correlation Inspection: ON (Standard)
Reputation Filter: ON
Result: Global correlation downloads in bytes or KBs (observed on proxy)

Scenario 2:
 
Global Correlation Inspection: OFF
Reputation Filter: ON
Result: Global correlation downloads 4-5 MB every 5 minutes (observed on proxy)
 
 
This behavior has been observed on both IPS devices, one by one. What we wanted clarity on is why global correlation downloads so much data when it is OFF, and downloads only minimal data when ON. The equation does not seem to be right.

 

Requesting your prompt response.

Regards,

Neal

 

2 Replies

anil.gupta3
Level 1

Requesting forum members to please help with the question.

Any help is welcome.

Regards,

Neal

jason.loera
Level 1

Both global correlation and reputation filtering retrieve updates from the SensorBase network, or IronPort. By default, they communicate with the network every five minutes. This value cannot be changed by the IPS administrator.
