Check free disk capacity for threat extraction

Check free disk capacity for threat extraction

1. What issue was experienced?

We’re using threat extraction module, however we observe a linkage related to disk size. If the disk is below than 64 gb on Firewall partion it’s working as fail open and do not interfere with file scans. See this log message: “The system cannot emulate files due to out of disk space. The files will be allowed or blocked according to the Fail-Mode setting (Threat Prevention > Advanced > Engine Settings). Free disk space is lower than the 65.38GB minimum threshold required for Threat Emulation. See sk124712”

2. What do you want to automate?

Can we add this check if possible, “disk size below 64 gb and the T.E is active fire an alarm…”

3. What is the Related Feature? (e.g., debug mode)

Threat Extraction

4. What Protocol to use? (e.g., ssh)

Not sure. Either SSH or HTTP

5. What Command to Extract?

Not sure. Hoping you can help with that.

6. What are the Remediation Steps?

Either add more disk space or (somehow) free up disk space on the partition.