question

DanielM-6075 avatar image
0 Votes"
DanielM-6075 asked DanielM-6075 commented

Best practise Event Collector refresh interval

Hi,

When you configure the setting "Configure target Subscription Manager" in a GPO to tell servers which Event Collector to connect to you can also specify by which refresh interval it should be done.

I am wondering:
- What the default refresh interval value is if you dont specify anything
- What is the range of the refresh interval that can be specified
- What is a good/best practise refresh interval to be set for subscriptions that change very seldom

/Daniel

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

CarlFan-MSFT avatar image
0 Votes"
CarlFan-MSFT answered DanielM-6075 commented

Hi Daniel,
1. Follow the official documentation below, in which the refresh interval is set as 10 seconds.
https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection
2/3. The Refresh interval indicates how often clients should check in to see if new subscriptions are available. Always we could set the refresh =60.
Server=http://<FQDN of the collector>:5985/wsman/SubscriptionManager/WEC,Refresh=60
This parameter is measured in seconds. If the subscriptions don't change frequently, this parameter can be configured to check every few hours or even less often.
Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Carl!

We have the same thoughts about pushing the refresh interval to a high number.
What is the range of the refresh interval. What is the highest available setting?

/Daniel

0 Votes 0 ·

Any answer on this?

0 Votes 0 ·