Oct 14 2018
- last edited on
Nov 30 2021
I have few questions and concerns regarding ATA which are as followed:
Thank you in advance for your replies.
Oct 14 2018 05:23 AM
You do not want to cover the same DC both with a lightweight version and a standalone version, it will cause problems.
A DC needs to be covered by just one Gateway. it's better to use the Lightweight one if it can handle the traffic.
Not having full coverage should not be a trigger to false positives.
it will usually won't see some of the traffic if you are not covered, which means we might miss true events...
You need to research why you keep getting the same FP, and if the source entity that creates them is supposed to create them, you can exclude it.