Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1369
Views
0
Helpful
0
Comments

Unable to generate rules on CSA MC and the "Rules for abc.xyz have complexity xxxx which exceeds the maximum of 7500" error message appears

TCC_2
Level 10
Level 10

‎06-22-2009 04:07 PM - edited ‎03-08-2019 06:13 PM

Core issue

The Rules for abc.xyz have complexity xxxx which exceeds the maximum of 7500 error message occurs because of the complexity check. Complexity is a check on the number of literals and number of distinct rules applied to a particular host. A literal is anything defined in a fileset.

For example, foo.exe is 1 literal and foo.exe, foo2.exe are two literals. In order to reduce the literals and thus generate rules successfully, you need to wildcard and generalize when possible. So foo*.exe changes the literals to 1 from 2, for example, from foo.exe and foo2.exe. The maximum literals is 7500.

The purpose is to prevent end systems slowness due to excessive processing time spent in every rule engine transaction.

Resolution

In order to resolve this issue, reduce your rule set slightly and examine for duplicates.

An easy way to  examine the duplicates is to choose Configuration > Policies. Scroll down to your policy and click the policy. On the next screen, scroll past the modules and onto the section called Combined Policy Rules.  In this section, you see headers such as ID, Type, Status, Action, Log, and so forth. Click directly on the Type heading.  This sorts the rules by type.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents