Version

Argent Omega & Argent AT any version

Date

Thursday, 7 September 2023

Summary

If you are using the website-based rules in Argent Omega or Argent AT and receiving false positive alerts, you may need to change the configuration

Technical Background

There are several ways this false positive alert behavior can manifest

For example – running the WA_CHECK rule manually works correctly, however turning on the Relator will work for a few cycles then start failing repeatedly back-to-back

Resolution

In your Relator, you must change the frequency of execution on the ‘When To Run’ tab

If you have the ‘Repetition Interval’ set too low (every 10 seconds as an example) the target website may reject the rules connection attempts as they are seen as excessive or malicious – this will cause false positive alerts

The threshold for what is considered ‘too frequently’ completely depends upon the website you are running the website rule against – the threshold for one website will likely differ from another depending on how that website is configured

Finding a happy medium for your ‘Repetition Interval’ is important – if you have different expectations for groups of websites, consider creating a new Monitoring Group and Relator with separate configuration for each group

In the above example, 10 second Repetition Interval is excessive and unproductive – I increase this to every 2 minutes which then allows the Relator to function as intended without false positive alerts

For further assistance, please contact Argent on Instant Help at https://Instanthelp.Argent.com/