Yesterday I was in a meeting with one of our technology partners and they were looking at our "MAC cache usage high" rule ( see here ). They asked us: "How often does this issue happen?"
This is where the power of Insight really shines. We jumped into our Insight database and ran a quick query:
mysql> select Headline, vendor, Model, OS_Version, Create_DateTime from alert inner join device_information_latest on alert.device_uid = device_information_latest.device_uid where headline = 'MAC cache usage high';
+----------------------+------------------+---------+------------+---------------------+
| Headline | vendor | Model | OS_Version | Create_DateTime |
+----------------------+------------------+---------+------------+---------------------+
| MAC cache usage high | paloaltonetworks | PA-7050 | 7.1.0 | 2017-12-26 13:00:36 |
| MAC cache usage high | paloaltonetworks | PA-7050 | 7.1.0 | 2017-11-16 20:32:00 |
| MAC cache usage high | paloaltonetworks | PA-7050 | 7.1.0 | 2018-01-31 20:29:13 |
+----------------------+------------------+---------+------------+---------------------+
3 rows in set (0.08 sec)
So this has occurred three times in Indeni deployments globally, so not very common. It has always happened with a specific device though, which is interesting. The power of Insight at play!