Hi all,
I am seeing a lot of “Connection terminated before detection: Insufficient data.” and “Connection terminated before detection: No SSL applicative data.” and the matched rule “CPNotEnoughDataForRuleMatch” on my gateway, and it worries me a little.
When I perform a simple search for logs with those fields in combination in our SIEM in a 24-hour time frame, I get quite a lot, as seen below:
I've checked out sk113479, and it states that: “No fix is required. This behavior is by design.”, but I still find it a bit odd.
Below is an actual log from the gateway:
And the matched rule:
The gateway seems to work as it should, but it just seems like a fairly large number of hits, and I’m just worried we have some kind of misconfiguration on our gateway.
Appliance is 6400 running 81.20 Take 84.
Any comments or ideas are welcome!
Thanks.