Risk not being calculated correctly


New Life Form
I have a directive that, even though priority is 4, reliability is 10 and asset value is 5, always has a risk of 0. I believe risk is supposed to be (asset value x priority x reliability) / 25, but it is always 0. Version is 5.4.1, recently upgraded. It has been running for a couple of years, but this is the first time trying to get alarms.

I have another server working fine and also on 5.4.1.... what am I missing?

I have confirmed in the directive alert that it has the values as per above. The directive is 3 rules; I get a directive alert created after rule 2 and rule 3. I thought I'd only get one.

  • OK, so update:
    It is working but I have no idea why... I tried lots of things like rebooting the server again, alienvault-reconfig. All did nothing.

    Finally decided to move on and created a policy to send email on alarms, did a policy reload, and blam. And because I had played with the priority and reliability, I got flooded... Wound back the numbers and now let's wait to see if I get any false positives.

    Not happy I don't know why it started working, but at least I can move on. Just worries me that it will fail again and I will not receive alerts.
  • Probably because you reloaded the policies and directives after creating that policy?

    Though I haven't tried creating a directive, then seeing if a reboot will also reload the policies and directives, you would have needed a reconfig (which is what reloading does). I wouldn't think a reboot would necessarily force that and if not, then the directive you wrote would never go into action. Once you created a policy and did a reload, it would trigger a reconfig and as you say "blam".

    Just a theory until it's tested, but something to think about.
