000038532 - How to fix RSA NetWitness Endpoint alerts could not display middle pane in hosts-details page

Document created by RSA Customer Support Employee on Mar 24, 2020
Version 1

Article Content

Article Number: 000038532
Applies To:
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: User Interface
RSA Version/Condition: 11.3.2.0
 
Issue

RSA NetWitness Endpoint alerts cannot display the middle pane in the INVESTIGATE-Hosts-Details page after the Endpoint hybrid is removed from the Admin node, re-imaged, and added again.

Resolution

Cause: The UUID of the concentrator has changed, but the new UUID is not updated properly.

To fix this issue:

  1. Get the investigate-service-id:

        a) Go to ADMIN > Concentrator service.
        b) Click gear button > View > Explore tab.
        c) Expand the sys/stats node list.
        d) In the UUID field, copy the value.


  2. Update the investigate-service-id:
        a) Go to ADMIN > Endpoint Server service.
        b) Click gear button > View > Explore tab.
        c) In the endpoint/investigate field, specify the investigate-service-id.
  3. Restart the ESA server.
  4. Restart the respond-server service on the admin node:
        systemctl stop rsa-nw-respond-server.service
        systemctl start rsa-nw-respond-server.service
        systemctl status rsa-nw-respond-server.service
     
  5. Select the hosts on the Investigate-Host page, then perform 'Reset risk score'.
