Troubleshooting
We have extended our troubleshooting documentation to cover more common issues and questions. If you have any suggestions for this please open an issue here.
Security Engine Troubleshooting
Remediation Components Troubleshooting
CTI Troubleshooting
Community support
Please try to resolve your issue by reading the documentation. If you're unable to find a solution, don't hesitate to seek assistance in:
FAQ
How to report a bug
To report a bug, please open an issue on the affected component's repository:
What license is provided ?
The Security Engine and Remediation Components are provided under MIT license.
How fast is it
The Security Engine can easily handle several thousands of events per second on a rich pipeline (multiple parsers, geoip enrichment, scenarios and so on). Logs are a good fit for sharding by default, so it is definitely the way to go if you need to handle higher throughput.
If you need help for large scale deployment, please get in touch with us on the Form, we love challenges ;)
Why are some scenarios/parsers "tainted" or "custom" ?
When using cscli
to list your parsers, scenarios and collections, some might appear as "tainted" or "local".
"tainted" items:
- Originate from the hub
- Were locally modified
- Will not be automatically updated/upgraded by
cscli
operations (unless--force
or similar is specified) - Won't be sent to Central API and won't appear in the Console (unless
cscli console enable tainted
has been specified)
"local" items:
- Have been locally created by the user
- Are not managed by
cscli
operations - Won't be sent to Central API and won't appear in the Console (unless
cscli console enable custom
has been specified)
Which information is sent to your services ?
See CAPI documentation.