Content Analysis (CA) is a crucial part of Blue Coat's Advanced Threat Protection (ATP) solutions suite. To take full advantage of its power, it's important to understand, enable, configure, and monitor various modules that can make an administrator's life much easier and save hours of digging through logs and analyzing data mined from those logs.
The purpose of ICTM is to warn the administrator when the CA systems under his/her care become too busy to be as effective as possible. ICTM is a tool to make administrators more proactive without having to constantly monitor every CA system in the environment.
To solve problems before they arise, the administrator should understand how to set up ICTM properly. That means changing the default values in two of the fields shown when navigating to Settings > ICTM.
The fields to change are explained in the following images.
Image 1 - initial ICTM setup screen
In image 1, the 2 fields have been emptied, and the grayed-out zeros are shown. To fill in these two "blanks" you need to know the total number of Concurrent ICAP Connections that the SG(s) "feeding" objects have been configured to allow. For instance, if the total is 250, then the first box should have 175 entered (175 is 70% of 250) as in image 2.
Image 2 - partial ICTM setup completed
Notice the pop-up below the box outlined in red, which appears when the mouse cursor hovers over that box. This box holds the value that is 90% of the total concurrent ICAP connections. For that box, enter 90% of the total, which is 225, then click "Save Changes". Image 3 shows the state of the page after the changes are saved.
Image 3 - Completion of ICTM page.
Notice that the word "Success" is displayed next to the Save Changes button.
This completes setting up ICTM on CAS. If your version of CA doesn't include this page, you should upgrade to the latest release. In some cases, that will be a PR (Patch Release), so you get the latest security and bug fixes. Always read the Release Notes so that you don't miss important information about upgrade pathways and which bugs are resolved.
There is no workaround. If ICTM is enabled but not correctly configured, and alerting is configured, the administrator will receive a significant number of unnecessary alert emails.
Using the context-sensitive help on the configuration page for any service is a good practice. It is accessed by clicking the question mark (?) to the left of your login name in the upper-right corner of the CA UI.
Imported Document ID: 000024047