Swiftyyyy
Advisor

E86.70 and Newer & Threat Hunting

Hello CheckMates,

We've been fairly actively testing versions E86.70 & Newer due to their added support for 22H2 (albeit still EA).
We had recently noticed an issue relating to Threat Hunting; we only have records for "Detection Event" and "Network" sensor categories and even in those departments, the numbers are significantly lower than what we'd typically see in prior versions.

And this is consistent among ~300 installations of these newer clients.

Within our statistics pool, E86.60 still appears to function as expected in regards to Threat Hunting delivery. A check was also performed with "checkconnectivity.exe" and on E86.80, which is our largest sample size, the 3 URLs associated with Threat Hunting Upload all appear to fail.

We've upgraded a handful of clients to E87.00 and the connectivity check now appears to succeed, but we're still not receiving events to TH, though the sample size here is still fairly small.

Is anyone else experiencing this? 


Accepted Solutions
Shiran_Gold
Employee

Hi,

Following your feedback and others we have investigated the behavior and made a change in the backend side to resolve the issue.

I am happy to hear you are getting the expected data correctly.

 

Have a nice day

Shiran 


4 Replies
_Val_
Admin

R&D is investigating; this is not only your isolated issue. We will update you once we have more information.

Swiftyyyy
Advisor

Looks to have been corrected.
I opened a case with TAC yesterday; today I wanted to collect a set of logs for them & noticed things are working again.
So I'm confirming that E86.70, E86.80 as well as E87.00 in the sample sizes we have appear to be forwarding TH events again.

_Val_
Admin

Thanks for letting us know. 
