Configure synchronization
In this section we will configure the synchronization between sensors at different levels.
Set the global synchronization interval (notification message)
| Product | CMC |
| Syntax | conf.user configure cmc sync interval <interval_seconds> |
| Description | Set the desired global synchronization interval for the in-scope sensor. Configuration is defined on the parent sensor; synchronization starts at child sensors and flows upstream. Each and every sync takes place following a notification message sent by the child sensor, stating that the child sensor is ready to synchronize data to its parent. The notification messages act as global synchronization settings, working together with the following settings as well. Note: In a multi-level deployment (e.g., one with root CMC, local CMC, and Guardian), the setting must be applied at each parent level (e.g., at the root CMC as well as at the local CMC). |
| Parameters | interval_seconds: the number of seconds between status notifications (default: 60) |
| Where | CLI |
| To apply | It is applied automatically |
Set the DB synchronization interval
| Products | CMC, Guardian |
| Syntax | conf.user configure cmc sync_db_interval <interval_seconds> |
| Description | Set the desired interval between DB synchronizations for the in-scope sensor. Configuration is done on the parent sensor; synchronization starts at child sensors and flows upstream. The setting applies to each DB element subject to synchronization (e.g., Alerts, Assets, Audit logs, and Health logs). As the interval expires, the DB entries are synchronized at the next notification message. Note: In a multi-level deployment (e.g., one with root CMC, local CMC, and Guardian), if the setting is applicable, it must be applied at each parent level (e.g., at the root CMC as well as at the local CMC). |
| Parameters |
|
| Where | CLI |
| To apply | It is applied automatically |
Set the filesystem synchronization interval
| Product | CMC |
| Syntax | conf.user configure cmc sync_fs_interval <interval_seconds> |
| Description | Set the desired interval between filesystem synchronizations for the sensor in scope, from its child sensors. The setting applies to each filesystem element subject to synchronization (e.g., nodes, links, and variables). As the interval expires, the filesystem entries are synchronized at the next notification message. In case the CMC is All-In-One, this interval will be used as default value for the Set the configurations merge interval. Note: In a multi-level deployment (e.g., one with root CMC, local CMC, and Guardian), if the setting is applicable, it must be applied at each parent level (e.g., at the root CMC as well as at the local CMC). |
| Parameters |
|
| Where | CLI |
| To apply | It is applied automatically |
Set the binary files synchronization interval
| Product | CMC |
| Syntax | conf.user configure cmc sync_binary_files_interval <interval_seconds> |
| Description | Set the desired interval between binary files synchronizations for the sensor in scope, from its child sensors. The setting applies to each binary file element subject to synchronization (e.g., PDF reports). As the interval expires, the binary file entries are synchronized at the next notification message. Note: In a multi-level deployment (e.g., one with root CMC, local CMC, and Guardian), if the setting is applicable, it must be applied at each parent level (e.g., at the root CMC as well as at the local CMC). |
| Parameters | interval_seconds: the number of seconds between binary files synchronizations
(default: 60). This parameter only makes sense when set higher than the global
synchronization interval. |
| Where | CLI |
| To apply | It is applied automatically |
Set the rows to be sent at every DB synchronization for each DB element
| Products | CMC, Guardian |
| Syntax | conf.user configure cmc sync record_per_loop <number_of_record_per_loop> |
| Description | The system allows the user to customize the synchronization, in particular the number of records to be sent at each phase. A synchronization phase is composed of 50 steps for each DB element, every one sending number_of_record_per_loop rows, which means that the system sends, by default, 2500 rows every time. |
| Parameters | number_of_record_per_loop: the number of DB rows sent per single request (default: 50) |
| Where | CLI |
| To apply | It is applied automatically |
Synchronize only visible alerts
| Products | CMC, Guardian |
| Syntax | conf.user configure cmc sync send_only_visible_alert [true|false] |
| Description | Set whether to synchronize all alerts from the child sensors to the in-scope parent sensor (false), or to synchronize only visible alerts (as defined in the Security Profile) (true). Default: false. Note: In a multi-level deployment (e.g., one with root CMC, local CMC, and Guardian), if the setting is applicable, it must be applied at each parent level (e.g., at the root CMC as well as at the local CMC). |
| Where | CLI |
| To apply | It is applied automatically |
Set the alert rules execution policy
| Product | CMC |
| Syntax | conf.user configure alerts execution_policy alert_rules [upstream_only|upstream_prevails|local_prevails] |
| Description | Set the desired execution policy for the alert rules. Note: In a multi-level deployment (e.g., one with root CMC, local CMC, and Guardian), if the setting is applicable, it must be applied at each parent level (e.g., at the root CMC as well as at the local CMC). |
| Where | CLI |
| To apply | It is applied automatically |
| Note | You can also change this configuration from the Web UI. |
Set the configurations merge interval
| Product | CMC |
| Syntax | conf.user configure cmc merge interval <interval_seconds> |
| Description | Periodically, CMC All-In-One merge all the filesystem elements received by the connected Guardians. This operation strictly depends on the filesystem synchronization. It is possible to define a custom interval, however it is suggested to specify a similar value as the one set for the filesystem synchronization. Note: In a multi-level deployment (e.g., one with root CMC, local CMC, and Guardian), if the setting is applicable, it must be applied at each parent level (e.g., at the root CMC as well as at the local CMC). |
| Parameters | interval_seconds: the number of seconds between two merging actions
(default: it follows the value of the Set the configurations merge interval. |
| Where | CLI |
| To apply | It is applied automatically |
Enable the PostgreSQL advisory locks for assets synchronization
| Product | CMC |
| Syntax | conf.user configure cmc save_assets_with_advisory_lock [true|false] |
| Description | Enable this feature to avoid potential database deadlocks on assets. This option shall be applied on mid-level CMC if the bulk asset synchronization is not enabled. Note: This option applies only on the CMC it is configured on. It is enabled by default. |
| Where | CLI |
| To apply | It is applied automatically |
Enable content modifications on a Guardian or CMC to be local only
| Products | CMC, Guardian |
| Syntax | conf.user configure threat_intelligence local_contents enable [true|false] |
| Description | Enable this feature to be able to modify contents on a machine even when it has an upstream connection. All changes will be local only, and changes from upstream will not be pushed down. If the feature is afterwards disabled, all the changes from the upstream will be propagated, and overwrite all the modifications done when the feature was enabled. |
| Where | CLI |
| To apply | It is applied automatically |