
Bug - false positive rules got deleted seemingly on their own

 

Information

 

Summary:

False positive rules are deleted after a filter is deleted.

Environment:

Product: Flowmon ADS

Version: 12.x up to 12.1.2

Platform: Any

Question/Problem Description:

"We noticed that since 08/06/2023 the RANDOMDOMAIN method started to generate events for a URL that was already filtered out. We were surprised when we found out that the False positive entry is missing. In the logs no delete action is visible."

Steps to Reproduce: Create a false positive rule with only hostnames, then delete any filter.
Error Message:  
Defect Number: FLMON-5829
Enhancement Number:  
Cause:

ADS includes a function that deletes potentially invalid filters and, possibly, the false positive rules associated with them.

This function was not updated when hostnames and autonomous systems (ASNs) were added to false positive (FP) rules. As a result, an FP rule that contains only an ASN or a hostname is deleted whenever any filter is deleted.

 

This behavior will be fixed in the next minor version of Flowmon ADS (probably 12.1.3).
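
The report above notes that no delete action appears in the logs, so one way to notice the loss is to compare saved copies of the false positive rule list taken before and after a filter is deleted. The following is an added example, not Flowmon code: the rule layout (`id`, `name`, `ips`, `hostnames`, `asns`) and the sample data are constructed assumptions, not the ADS schema or export format.

```python
# Added example: the rule layout (id, name, ips, hostnames, asns) is an assumed,
# simplified shape, not the Flowmon ADS schema or export format.

def at_risk(rule):
    """True when a rule matches only on hostname and/or ASN (the affected shape)."""
    has_host_or_asn = bool(rule.get("hostnames") or rule.get("asns"))
    return has_host_or_asn and not rule.get("ips")


def compare_snapshots(before, after):
    """Compare two saved copies of the false positive rule list."""
    after_ids = {r["id"] for r in after}
    missing = [r for r in before if r["id"] not in after_ids]
    return {
        "missing": sorted(r["id"] for r in missing),
        "missing_at_risk": sorted(r["id"] for r in missing if at_risk(r)),
        "still_at_risk": sorted(r["id"] for r in after if at_risk(r)),
    }


# Constructed sample data: snapshot taken before a filter was deleted ...
BEFORE = [
    {"id": 1, "name": "cdn-hostname", "ips": [],
     "hostnames": ["updates.example.com"], "asns": []},
    {"id": 2, "name": "scanner-ip", "ips": ["192.0.2.10"],
     "hostnames": [], "asns": []},
    {"id": 3, "name": "partner-asn", "ips": [],
     "hostnames": [], "asns": [64500]},
    {"id": 4, "name": "ip-and-host", "ips": ["198.51.100.7"],
     "hostnames": ["app.example.net"], "asns": []},
]
# ... and after: rules 1 and 3 are gone, rule 5 was created later.
AFTER = [
    BEFORE[1],
    BEFORE[3],
    {"id": 5, "name": "new-hostname", "ips": [],
     "hostnames": ["mail.example.org"], "asns": []},
]

if __name__ == "__main__":
    report = compare_snapshots(BEFORE, AFTER)
    print("Rules missing since the last snapshot:", report["missing"])
    print("  of which hostname/ASN-only:", report["missing_at_risk"])
    print("Hostname/ASN-only rules to re-check after filter changes:",
          report["still_at_risk"])
```

Rules listed under `missing_at_risk` match the shape described in the Cause section and are the ones to recreate; `still_at_risk` lists rules worth re-checking after any later filter deletion on an affected version.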

Resolution:  
Workaround:  
Notes:  
