Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Frequently Asked Questions (FAQs) about the Threat Management Service (TMS) Heartbeat

    • Updated:
    • 7 Dec 2016
    • Product/Version:
    • Threat Discovery Appliance 2.0
    • Threat Discovery Appliance 2.5
    • Threat Mitigator 2.6
    • Platform:
    • Not Applicable N/A
Summary

This article lists down the questions that customers may ask about the Threat Management Service Heartbeat.

Details
Public

Yes. If it does not get the heartbeat after the default time that the device is set to send the heartbeat, device monitor will be triggered and will send necessary notifications to the administrator. It will notify the administrator about the current status of the device that is supposed to be reporting to TMS.

The heartbeat cycle happens every 10 minutes. Therefore, it is possible that by this time, it was still connected to TMS and that the data was sent to TMS. If the notice meant that TDA lost connection, it is possible that TDA was still able to send data to TMS before it was disconnected.

In a normal situation, the alerts happen if the heartbeat cycle expires and it is still better to rely on the heartbeat. This is because losing connection may be network-related and it can reconnect by itself. This is unnoticeable in the heartbeat cycle. This is better than regularly notifying clients only to keep them paranoid of the situation, which in the end will fix itself.

TDA will send an HTTP post to TMS every 10 minutes. It is a one-way communication. TDA does not need to know if the beat was set to TMS successfully or does not need to ask response from TMS. It will send an HTTP post to TMS and will not care if the post reaches the destination or not. TMS will wait for these beats to see if the reporting server is still connected or not.

It is normal that the two time stamps are different. Heartbeat and data are sent through different channels. Heartbeat is sent to the TMSP DataGateway server every 10 minutes, while data (detection log) is sent to TMSP every 6 hours or every 24 hours, depending on the TDA configuration.

When TMSP finds out that a device has not sent heartbeat for longer than the threshold time (1 hour for ADC TMSP), it will send the first notification. The second notification will be sent 24 hours later; the third, 48 hours after; and so on. It will not stop sending until the device is normal again, or if the admin unsubscribe notification. The notification sent time changes and it may be far from the other two timestamps.

Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1056039
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.