KBI 312101 ARCHIVE_DATA Folder Contains More Than 1,000 ARC Files
Version
Argent Omega 2.2A-2307-A and earlier
Date
Monday, 2 October 2023
Summary
When running Argent Compliance Automator Rules, users may find that the ‘ARCHIVE_DATA’ folder accumulates thousands of pending ARC files. The file timestamps can be hours or days old.
Other symptoms include empty Compliance reports, high CPU and memory usage by the SQL Server process, etc.
The issue has been addressed in Argent Omega 2.2A-2307-B (Build: 2.2.2310.2).
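A monitoring check for the backlog symptom described above, written as an added example that is not part of Argent's software or this KB article. It assumes pending files carry a `.arc` extension; the function name and the one-hour age threshold are also assumptions, while the 1,000-file threshold comes from the article title.

```python
import os
import time

# Assumptions (not from the KB article): pending files end in ".arc" and
# the default age threshold is a constructed value. The 1,000-file
# threshold is the count named in the article title.
def arc_backlog(folder, max_files=1000, max_age_hours=1.0, now=None):
    """Summarise pending ARC files in an ARCHIVE_DATA folder."""
    now = time.time() if now is None else now
    mtimes = []
    for entry in os.scandir(folder):
        # Case-insensitive match, since Windows file names may be upper case.
        if entry.is_file() and entry.name.lower().endswith(".arc"):
            try:
                mtimes.append(entry.stat().st_mtime)
            except FileNotFoundError:
                # File was processed and removed between listing and stat.
                continue
    count = len(mtimes)
    oldest_hours = (now - min(mtimes)) / 3600 if mtimes else 0.0
    reasons = []
    if count > max_files:
        reasons.append(f"{count} pending ARC files (threshold {max_files})")
    if oldest_hours > max_age_hours:
        reasons.append(
            f"oldest file is {oldest_hours:.1f} h old (threshold {max_age_hours} h)")
    return {"count": count, "oldest_hours": oldest_hours,
            "backlog": bool(reasons), "reasons": reasons}

if __name__ == "__main__":
    import sys
    # Usage: python arc_backlog.py <path to ARCHIVE_DATA>
    result = arc_backlog(sys.argv[1])
    print(result)
    sys.exit(1 if result["backlog"] else 0)
```

Run on a schedule, a non-zero exit code signals that archived events are not reaching the database and Compliance reports may be empty.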
Technical Background
The Argent Omega service writes events destined for the archive to intermediate ARC files in the ARCHIVE_DATA folder. Argent SIEM-Complete processes these files and saves them to the database using SQL Bulk Copy.
A busy Domain Controller can generate tens of thousands of security logs per minute. In previous versions, Argent SIEM-Complete attempted to periodically save all accumulated events to the database as a single batch. When the batch is very large, SQL Server can be stressed, and performance deteriorates dramatically.
Argent Omega has been enhanced to throttle SQL Bulk Copy and save data in smaller batches. The size can be configured as below:
Resolution
Upgrade to Argent Omega 2.2A-2307-B (Build: 2.2.2310.2)
For further assistance, please contact Argent on Instant Help at
https://Instanthelp.Argent.com/