App Control: Filtering processed events for Event Rule returns no results
search cancel

App Control: Filtering processed events for Event Rule returns no results

book

Article ID: 291625

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Filtering "Processed Events" under an Event Rule does not return any results

Environment

  • App Control Console: 7.2.x and Higher

Cause

Query is timing out. 

Resolution

  1. Log onto the Application Server
  2. Stop the App Control Server service in services.msc
  3. Navigate to C:\Program Files (x86)\Bit9\Parity Console\php\
  4. Copy the file php.ini to the desktop and rename the original to php.ini.back
  5. Edit the desktop php.ini file 
    Find this value
sqlsrv.querytimeout = 30

Change to
sqlsrv.querytimeout = 300
  6. Move the desktop php.ini file into C:\Program Files (x86)\Bit9\Parity Console\php\
  7. Start the App Control Server service
  8. Open CMD as admin and run 
    IISRESET

    Additional Information

    Filtering events by description or using "contains" type filters can cause query timeouts. Try limiting these as much as possible. For Example, if you are searching for a rule name, use Rule Name is "MyRule" and not Rule Name contains "MyRule". Even though you are giving the full name in both cases, the contains is still more resource intensive.
    Powered by Wolken Software