Perform the following procedure to create a custom rule to exclude tracking of files in the Export Directory.
When External Analytics is enabled, there will be repeated, ongoing file write operations in the Export Directory. Normally, this would generate significant event traffic on the Carbon Black App Control Server if an agent is active on the server. Since this event traffic is not usually interesting to track, consider creating a custom rule to exclude tracking of files in the Export Directory. See Custom Software Rules for more about how these rules may be configured.
Procedure
- On the console menu, click Rules > Software Rules and then click the Custom tab.
- Click the Add Custom Rule button.
- On the Add Custom Rule page, provide the necessary information to create a rule that will ignore writes to the Export Directory for analytics data:
- Name – Choose a name to clearly identify the rule; for example, Ignore Data Analytics Log Files.
- Description – (Optional) Add a description to further identify the rule purpose.
- Status –Click the Enabled radio button.
- Platform – Choose the platform to which the rule is applied; this is Windows (the default) for Export Directories that are on the Carbon Black App Control system.
- Rule Type – Choose Performance Optimization.
- Path or File – Provide the Path and Name of the folder where analytics files are written; for example, D:\CbProtectionAnalytics.
- Process – Choose Specific Process, then enter and Add the processes that Carbon Black App Control uses to write these files. For example, if you are running a 64-bit OS and used the default Carbon Black App Control installation directory, you would use:
ProgramFiles>\Bit9\Parity Server\ParityServer.exe<ProgramFiles>\Bit9\Parity Server\Reporter\ParityReporter.exe
- Rule Applies To – Choose All policies or if you prefer just the policy that the system being written to (usually the Carbon Black App Control Server) belongs to.
- When you have finished configuring the rule, click the Save button. The new rule is added to the Custom Rules table