Integrations have always been a complex part of the Infocyte Cloud's functionality. Historically, the Controller did double duty: deploying and scanning endpoints, and serving as a go-between for alerts coming from the product on select integrations. This was accomplished with a secondary service and executable running on a machine defined as the Infocyte Worker. This service/executable is still required to handle the secure handoff of alerts to on-premise solutions such as SIEMs, Splunk, or log aggregators.
As of build number 4488, released in September 2021, the Controller will no longer have this service running by default. Integrations and controllers already in place will not be affected by this change.
This change was made because, in instances with multiple controllers (controller groups, redundancy, subnetting), having the service running on more than one controller resulted in multiple controllers forwarding alerts.
If your integrations are not working, verify the service is started and set to automatic.
If you are receiving duplicated alerts, make sure that the other controllers in the environment have the service disabled, and only one controller is providing the alerts.
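The two checks above can be run across all controllers at once. The following is an added example, not Infocyte code: it assumes the controllers are Windows hosts reachable over CIM/WinRM, the hostnames are constructed, and the service name is a placeholder because this page does not name the service.

```powershell
# Added example, not vendor code. Replace both values for your environment.
$WorkerService = '<WORKER-SERVICE-NAME>'               # placeholder: not given on this page
$Controllers   = @('controller-01', 'controller-02')   # constructed hostnames

# Collect service state and startup mode from every controller.
$report = foreach ($c in $Controllers) {
    try {
        $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $c `
                   -Filter "Name='$WorkerService'" -ErrorAction Stop
        [pscustomobject]@{
            Controller = $c
            State      = if ($svc) { $svc.State } else { 'NotInstalled' }
            StartMode  = if ($svc) { $svc.StartMode } else { 'n/a' }
        }
    } catch {
        # Host down or remoting blocked: report it rather than silently skipping it.
        [pscustomobject]@{ Controller = $c; State = 'Unreachable'; StartMode = 'n/a' }
    }
}
$report | Format-Table -AutoSize

# Exactly one controller should be forwarding alerts.
$forwarders = @($report | Where-Object { $_.State -eq 'Running' })
switch ($forwarders.Count) {
    0 { Write-Warning 'Service is not running on any controller: integrations will not forward alerts.' }
    1 {
        if ($forwarders[0].StartMode -ne 'Auto') {
            Write-Warning "$($forwarders[0].Controller): running but not set to automatic; forwarding stops after a reboot."
        } else {
            Write-Output "OK: $($forwarders[0].Controller) is the only controller forwarding alerts."
        }
    }
    default {
        Write-Warning "Duplicate alerts likely; service running on: $($forwarders.Controller -join ', ')"
    }
}

# Every other controller should have the service disabled, not just stopped,
# so it does not start forwarding again after a restart.
$report | Where-Object {
    $_.State -notin 'Running', 'Unreachable', 'NotInstalled' -and $_.StartMode -ne 'Disabled'
} | ForEach-Object {
    Write-Warning "$($_.Controller): service is stopped but start mode is $($_.StartMode); set it to Disabled."
}
```

Controllers reported as `Unreachable` still need to be checked by hand, since an unchecked controller may be the second forwarder.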
For Service Providers with multiple customers and a single SIEM, please contact support for an advanced configuration technique.