Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Reporting

Reply

Reporter data overage issues

New Member
Posts: 1
585     1

We are running into problems keeping our reporting data usage under our current license limit. We recently increased our limit to try to keep reporting alive but we are still having problems. Has anyone had success tuning reporting to keep this data usage below a threshold? I can't find any information on how to find out exactly what bit(s) are eating our data up or how to effectivly adjust the reporter to account for that.

We have spooled up the Data Connector in a VM, and are using FQDN ETL filter to remove superfluous/internal information and that appeared to help for a little while and then our data went back up.

We've adjusted the Data Indexing to bare minimum, to no avail.

Adding the same domains that were in our ETL filter on the Data Connector to the "Exclude the following Domains" dialog in Grid DNS properties/logging/advanced seems to have made a difference but shouldn't the data connector be filtering them already?

I'm at a complete loss, any suggestions would be greatly appreciated!

Showing results for 
Search instead for 
Did you mean: 

Recommended for You