Intelligent Connection Traffic Monitoring (ICTM)

Article ID: 168476

Products

Content Analysis Software - CA

Issue/Introduction

Content Analysis (CA) is a crucial part of Blue Coat's Advanced Threat Protection (ATP) solutions suite. To take full advantage of its power, it's important to understand, enable, configure, and monitor various modules that can make an administrator's life much easier and save hours of digging through logs and analyzing data mined from those logs.

The purpose of ICTM is to warn the administrator when the CA systems under his/her care become too busy to be as effective as possible. ICTM is a tool to make administrators more proactive without having to constantly monitor every CA system in the environment.
 

Resolution

To solve problems before they arise, the administrator should understand how to set up ICTM properly. That means changing the default values in 2 of the fields shown when navigating to Settings > ICTM.

The fields to change are explained in the following images.
First ICTM configuration screenshot
Image 1 - initial ICTM setup screen

In image 1, the 2 fields have been emptied, and the grayed-out zeros are shown. To fill in these two "blanks" you need to know the total number of Concurrent ICAP Connections that the SG(s) "feeding" objects have been configured to allow. For instance, if the total is 250, then the first box should have 175 entered (175 is 70% of 250) as in image 2.
ICTM configuration page with 70% value entered & 90% value waiting for entrance.
Image 2 - partial ICTM setup completed

Notice the pop-up below the box outlined in red. It appears when the mouse cursor hovers over that box, which will hold the value that is 90% of the total concurrent ICAP connections. For that box, enter 90% of the total, which is 225, as in image 3, which also shows the state of the page after "Save Changes" is clicked.
Final ICTM setup image showing 90% value entered, and Save Changes having been clicked on.
Image 3 - Completion of ICTM page.

Notice that the word "Success" is displayed next to the Save Changes button. 

This completes setting up ICTM on CAS. If your version of CA doesn't include this page, you should upgrade to the latest release. In some cases, that will be a PR (Patch Release) so you get the latest security and bug fixes. Always read the Release Notes for important information about upgrade pathways and which bugs are resolved.

Workaround

There is no workaround. If ICTM is enabled but not correctly configured, and alerting is configured, the administrator will receive a significant number of unnecessary alert emails.
