KBI 312070 Argent Web Defender Not Firing Alerts
Version
Argent Omega & Argent AT any version
Date
Friday, 1 September 2023
Summary
If alerts are not being sent out when a website has issues, there is likely a configuration issue
There are several places to verify configuration
Technical Background
-
Check CMDB-X
When adding your website into CMDB-X, make sure you use ‘URL Object’ as the ‘Type’Also ensure that you have applied a license, and that you insert the website address into the ‘URL Path’ field in the properties, then save
-
Verify Rule Settings Used In Relator
In the website rules you leverage in the Relator, ensure that you have ‘Post Event Even If The Same Event Is Still Outstanding’ enabled
If you leave this unchecked, the event won’t post if there is an outstanding, unanswered event
-
Verify Relator Settings
On the ‘What To Monitor’ tab ensure that the websites in question are included either individually or as a part of a Monitoring Group
On the ‘What To Run’ tab ensure that you have added the desired web-based rules to run
On the ‘When To Run’ tab ensure that you have enabled ‘Repeat Task’ and set an appropriate ‘Repetition Interval’
If you have the ‘Repetition Interval’ set too high, the website might go down and come back up before the alert is ever ran
If you have the ‘Repetition Interval’ set too low (every 10 seconds as an example) the target website may reject the rules connection attempts as they are seen as excessive or malicious – this may cause false positive alerts
Finding a happy medium for your ‘Repetition Interval’ is important – if you have different expectations for groups of websites, consider creating a new Monitoring Group and Relator with separate configuration
Resolution
N/A