RSA NetWitness Health and Wellness (BETA) is an advanced monitoring and alerting system that provides insights on the operational state of the host and services in your deployment, and helps identify potential issues. NetWitness Platform is prepackaged with third-party tool namely Kibana that renders interactive dashboards and visualizations.
Health and Wellness (BETA) provides:
- Dashboards with interactive Visualization.
- Easy-to-create customized content (Visualization, Alert, Dashboard and so on).
- Alerts on your data and customize alert conditions.
RSA NetWitness Health and Wellness (BETA) provides default content, such as Dashboards, Visualizations and Monitors to set up monitoring and alerting.
Please direct any Health and Wellness Beta feedback to firstname.lastname@example.org.
Dashboard is a collection of intuitive visualizations for the administrator to monitor the health of the host and services, identify trends, track performance, and drill down to specific details.
On the installation of Health and Wellness service, the following default Dashboards are available to begin monitoring.
Deployment Health Overview Dashboard – This provides overall health of the NetWitness Platform hosts and services, such as:
- Total number of active hosts
- Hosts by memory usage
- Hosts by CPU usage
Hosts Dashboard - This provides the resource utilization and health on NetWitness hosts in your deployment such as:
- Inbound or outbound traffic over the host interfaces like eth0 or em1
- CPU, memory, and disk usage of the hosts
- Open file descriptors for the service
Logs Dashboard - This provides the insights of NetWitness Platform logs such as:
- Capture drops percentage for Log Decoders
- Capture rate percentage for Log Decoders
- Query status for a service
You can drill down the log capturing and processing services like Log Decoders, Concentrators, Brokers, Archivers, and ESA Correlation for analysis.
Packets Overview - This provides insights on NetWitness Platform network data, such as:
- Network capture percentage for a service
- Network capture drop percentage for a service
- Query status for a service
You can drill down the packet capturing and processing devices like Network Decoders, Concentrators, Brokers, ESA Correlation for analysis.
You can create a new dashboard or customize existing dashboards.
Visualization is a graphical representation of data in your deployment. You can create new visualizations or use the existing visualization to build dashboards. Depending on the visualization you select the data is displayed in the Dashboard.
A monitor is a job that runs on a defined schedule, which queries the Elasticsearch to evaluate the system health. You can define one or more triggers for a monitor and assign severity level based on the threshold. When one or more trigger conditions are met, Health and Wellness generates an alert. that can be viewed in the Kibana UI. You can create new monitors or customize the existing monitors based on your requirement.
Health and Wellness System Requirement
Minimum memory for a standalone virtual host is 16 GB.
Each NetWitness platform host writes 150 MB of Health and Wellness Metrics data into Elasticsearch data per day. For example, if you have 45 NetWitness Platform hosts then 6.6 GB of metrics data is written to Elasticsearch.
|4 cores||16 GB|
Installing Health and Wellness
You must deploy the Health & Wellness Search (BETA) version on a dedicated, virtual host. It includes Elasticsearch, Kibana, and Metrics Server and enables all hosts in your deployment to start sending metrics to Elasticsearch. For more information on installing Health and Wellness Search (BETA) Version for Standalone Virtual Host Only see "Deployment Optional Setup Procedures" topic in the Deployment Guide.
Accessing Health and Wellness
After you deploy Health and Wellness (BETA), you can access the Health and Wellness.
To access Health and Wellness:
- Go to https://<Host-ipon which Next gen H&W is installed >:5601.
- Enter the user name as admin and password as netwitness@rsa.
After you log in to Kibana, RSA recommends that you change the password. For more information, see Changing the Kibana Password.