Database performance issue due to lots of Integrity Monitoring baseline data

    • Updated: 27 Sep 2021
    • Product/Version:
    • Platform: ALL
Summary

The Integrity Monitoring module, when enabled, collects system information to define a baseline reference. All subsequent changes are compared against the baseline, and a security event is generated whenever a change is detected.

As the baseline grows larger, the amount of data in the database increases. This may impact the performance of the database and the ability to 'view baseline' from the Deep Security web console.

Details

To meet the performance and operational needs of our customers, the capability to remove the baseline data from the database has been introduced starting with Deep Security Manager version 20.0.503. This does not affect the ability of the Integrity Monitoring module to detect changes.


Minimum version: 

  • Deep Security Manager - 20.0.503 (20 LTS Update 2021-09-23)
  • Deep Security Agent - 20.0.0-2740 (20 LTS Update 2021-07-29)


How to enable this setting on Windows: 

Run the following command to adjust the hidden setting:

  1. In the Windows command line, go to the Deep Security Manager's working folder, for example:
    cd "\Program Files\Trend Micro\Deep Security Manager"
  2. Use the dsm_c command with the following parameters to change the setting:
    dsm_c.exe -action changesetting -name settings.configuration.enableDenormalizedIM -value true

The dsm_c command returns 0 to indicate successful execution.


How to enable this setting on Linux: 

  1. In the Linux command line, go to the Deep Security Manager's working folder, for example:
    cd /opt/dsm
  2. Use the dsm_c command with the following parameters to change the setting:
    ./dsm_c -action changesetting -name settings.configuration.enableDenormalizedIM -value true

The dsm_c command returns 0 to indicate successful execution.
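A pre-flight wrapper for the Linux procedure above, added here as an example and not taken from Trend Micro: it changes the setting only when the manager and the oldest agent meet the minimum versions listed in this article, and it checks the dsm_c exit code. The version strings are supplied by the operator; the function names and the `DSM_C` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Trend Micro code. Minimum versions come from this article.
MIN_DSM="20.0.503"       # Deep Security Manager
MIN_DSA="20.0.0-2740"    # Deep Security Agent

# version_ge HAVE NEED: returns 0 if HAVE >= NEED, 1 if lower, 2 if malformed.
# The agent's "-build" suffix is compared as one more numeric field.
version_ge() {
    have=$(printf '%s' "$1" | sed 's/-/./g')
    need=$(printf '%s' "$2" | sed 's/-/./g')
    for v in "$have" "$need"; do
        case "$v" in ''|*[!0-9.]*) return 2 ;; esac
    done
    while [ -n "$have" ] || [ -n "$need" ]; do
        h=${have%%.*}; n=${need%%.*}
        if [ "${h:-0}" -gt "${n:-0}" ]; then return 0; fi
        if [ "${h:-0}" -lt "${n:-0}" ]; then return 1; fi
        case "$have" in *.*) have=${have#*.} ;; *) have= ;; esac
        case "$need" in *.*) need=${need#*.} ;; *) need= ;; esac
    done
    return 0
}

# enable_denormalized_im DSM_VERSION OLDEST_AGENT_VERSION
# DSM_C (hypothetical override) defaults to dsm_c in the working folder /opt/dsm.
# Returns 3 or 4 when a version is too old, 1 when dsm_c reports failure.
enable_denormalized_im() {
    if ! version_ge "$1" "$MIN_DSM"; then
        echo "manager version $1 is below $MIN_DSM" >&2; return 3
    fi
    if ! version_ge "$2" "$MIN_DSA"; then
        echo "agent version $2 is below $MIN_DSA" >&2; return 4
    fi
    "${DSM_C:-/opt/dsm/dsm_c}" -action changesetting \
        -name settings.configuration.enableDenormalizedIM -value true || {
        rc=$?; echo "dsm_c exited with $rc; setting not applied" >&2; return 1
    }
    echo "enableDenormalizedIM set to true"
}

# Stand-alone use: script.sh <manager version> <oldest agent version>
if [ "$#" -eq 2 ]; then enable_denormalized_im "$1" "$2"; fi
```
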


In addition, security events related to Integrity Monitoring, and the forwarding of these events (through SNS or syslog), are not affected by this change.


The following features will not be available when the baseline data is removed from the database:

  • Viewing the complete baseline in the web administration interface through the 'view baseline' button.
  • Using the "Trusted Common Baseline" as the source of Auto-Tagging.
  • Generating the "Integrity Monitoring Baseline Report".

Category: Troubleshoot
Solution Id: 000289069