05-13-2014 01:40 AM - edited 03-10-2019 06:11 AM
I have query on Global correlation.
Following is the observed behavior
Scenario 1:
Global Correlation Inspection: ON (Standard)
Reputation Filter: ON
Result: Global correlation downloads in bytes or KBs (observed on proxy)
Scenario 2:
Global Correlation Inspection: OFF
Reputation Filter: ON
Result: Global correlation downloads 4-5 MB every 5 Minutes (observed on proxy)
This behavior has been observed on both IPS devices one by one. What we wanted the clarity on is why is does global correlation download so much of data when it is OFF, and downloads only minimal data when ON. The equation does not seem to be right.
Request you for your prompt response.
Regards,
Neal
05-21-2014 11:14 PM
Request forum member to please help on the question..
Any help is welcome..
Regards,
Neal
05-27-2014 10:23 AM
Both global correlation and reputation filtering retrieve updates from the SensorBase network, or IronPort. By default, they communicate with the network every five minutes. This value cannot be changed by the IPS administrator.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: