000037142 - Identify agent types based on module enablement/disablement in RSA NetWitness Endpoint

Document created by RSA Customer Support Employee on Jan 28, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037142
Applies ToRSA Product Set: NetWitness Endpoint
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition:
Platform: Windows
IssueIn the UI, there are 3 monitors that are not listed in columns for review of agents by monitor type. These include the blocking monitors, and the WFP monitor which is new to 4.4.x

Without these monitors, it becomes difficult to exactly confirm agents using the No network monitoring setting, as this should disable WFP and TDI, or some of the other monitoring settings possible.
CauseBoth blocking and WFP monitors were late features that were introduced as enhancements for the agent. The UI was not given column options to show these monitors, which makes verifying their disablement or enablement impossible in the UI and difficult in the SQL database due to the way the WFP monitor is updated there.
ResolutionThere are ways to determine the monitor status from the SQL database but this is not a perfect solution due to the way WFP is updated there. The direct solution is inclusion of the missing columns which will make filtering of machines in the UI an accurate process.

A permanent fix is slated for, although it may be pushed to the next release cycle.