ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Top 10 GVMs with threat detected details is displayed as blank even though "Network Threat detected" & "Virus Detected" graph on home page displays data post re-registration of DCS service with NSX

book

Article ID: 161739

calendar_today

Updated On:

Products

Data Center Security Server

Issue/Introduction

The Home page widgets "Network threats detected" & "Virus detected" will continue showing data for the old events, even after an administrator performs one of the following cleanup activities: 

  1. Deletion of Guest VMs on which events are generated.  
  2. Explicit Re-registration of NSX and SVA by administrator. 
     

Network Threat detected & Virus Detected graphs continues to display the data, whereas no data is displayed for "Top 10 GVMs with network threats remediated" & "Top 10 GVMs with virus threats remediated".

The graph displayed under "Network threats detected" & "Virus detected" should not display any data, once clean up is done and post clean up a new SVA is registered . This creates confusion since the other data for the Top 10 GVMs is not displayed.

Resolution

This event data will get cleaned/purged based on the event purging configurations.  

However the other two widgets "Top 10 GVMs with network threats remediated"  and  "Top 10 GVMs with virus threats remediated" will always be in sync with the Guest
VM inventory. 

 

 

Applies To

 

Steps:

  1. Install SVA on the cluster
  2. On vSphereWeb client create a security group and apply a security policy 
  3. Access some AV threats & network threats on the GVMs, such that the graph on home page displays some data ("Network Threat Detected", "Virus Detected", "Top 10 GVMs with network threats remediated" & "Top 10 GVMs with virus threats remediated).
  4. Unbind the security policy from the security group. Delete the security group & security policy
  5. Un-deploy SVA from the cluster
  6. Login to web UI & navigate to Integration page .  Unregister the DCS:S server from the NSX
  7. Un-register DCS with UMC
  8. Register DCS with UMC by running registerProduct.bat script
  9. Login to Web UI and under integration page , again import & register DCS:S service with NSX
  10. Deploy SVA on the cluster again & wait till it is registered with Server