SA Cfg: Live Services Configuration Panel

Document created by RSA Information Design and Development on Apr 25, 2016. Last modified by RSA Information Design and Development on Dec 2, 2016.
Version 3

This topic introduces the features of the System View > Live Services Configuration panel for setting up your Live account and the CMS server connection.

Live Account consists of two sections, namely RSA Live Status and Download Live Feedback Activity Log. You must Sign In by entering your Live Account credentials to access the Live Services. To activate your Live account for Security Analytics, please contact RSA Customer Care. When you have confirmation that your Live account has been set up, you can configure the CMS server connection as described in Configure Live Services Settings.

The Live Services panel provides the user interface for:

  • the Live account
  • the Live Content update schedule and preferences for notification of updates
  • participation in Live Feedback

New Features Enabled Dialog

When you log on to Security Analytics for the first time, you are prompted with the New Features Enabled dialog.

Feature | Description

Accept

Clicking Accept indicates that you agree to participate in Live Feedback and allow Security Analytics to send usage metrics and the versions of SA hosts in your environment to RSA, provided a Live Account is configured.

View Settings

Clicking View Settings redirects you to the Live Services UI to view the settings. If you have not configured the Live Account, a masked screen is displayed.

For information on Live Feedback, see Live Feedback Overview.

For information on Live Threat Data Sharing, see Security Analytics Feedback and Data Sharing in the Live Services Management Guide.

Live Services View

You access this view in the Security Analytics menu, Administration > System > Live Services.

Note: If you are not signed in with your Live Account credentials, a masked screen is displayed.

Features

The Live Configuration panel has three sections: Live Account, Live Content, and Additional Live Services.

Live Account Section

In the Live Account section, you must enter the Live credentials. The information needed to set up the user’s Live account consists of the Username, Password, and Live URL for the RSA Content Management System. This information is provided by Customer Care.

The following table describes the Live Account section features.

Feature | Description

Host

The Live URL for the Content Management System. The default value points to the RSA CMS at cms.netwitness.com.

Port

The communications port for Live to send requests to the Content Management System. The default value for this field is 443, which is the communications port on the Content Management System.

SSL

Enables communication with the Content Management System over SSL.

Username

The Live account user name as provided by RSA Customer Care.

Password

The Live account user password as provided by RSA Customer Care.

Test connection

Tests whether the connection to the Content Management System succeeds.

Apply

Saves and applies the configuration.

The Live Account section provides an option to download and share the Live Feedback historical data by clicking Live Feedback Activity Log.

For more information about how to download historical data, see Upload Data to RSA for Live Feedback.

Live Content Section

You can configure the interval at which Security Analytics checks for new updates to Live Content, and the notification of those updates:

Use the Check for New Updates field to change the interval. Select an interval from the drop-down list. The default value for this setting is once a day.

The following table describes the Live Content features.

Feature | Description

Check for new updates

This setting dictates how often Security Analytics checks for new updates to Live Subscriptions and synchronizes subscribed resources and tags:

  • once a day

  • twice a day

  • four times a day

  • every hour

  • every other hour

  • every half hour

The default value for this setting is once a day.

Next Check

Displays the time and date of the next scheduled Live synchronization based on the configured interval for checking.

Email Addresses

Email addresses specified here receive messages containing a list of subscribed resources that have been updated in the last 24 hours.

HTML format

Specifies the format of email messages.

  • Checked = HTML
  • Not checked = text

Check Now

Instead of waiting for the next scheduled resource cycle, this option forces Live to begin immediate synchronization of the subscribed resources in this instance of Security Analytics.

Caution: Use this feature with caution because synchronization can cause a parser reload if a Lua Parser or Flex Parser is deployed in the update cycle. This is acceptable once or twice a day, but a number of back-to-back parser reloads can cause packet loss at the Decoder. If this is the initial setup and you haven’t configured Live resource subscriptions, do not Synchronize Now. Wait until you have configured subscriptions.

Apply

Applies the changed configuration to the subscription synchronization behavior. The changes become effective immediately. The Next Live synchronization is scheduled for field is updated if the time changed.

Force Immediate Synchronization

To force immediate synchronization, click Check Now. Security Analytics checks for updates in subscribed resources.

Instead of waiting for the next scheduled resource cycle, this option forces Live to begin immediate synchronization of the subscribed resources in this instance of Security Analytics. One use for this is to see the immediate impact of a configuration change. For example, a new service has been added, or new resources have been toggled for automatic deployment. The scheduled synchronization could take place hours later if Security Analytics Live is set to synchronize a few times a day.

Caution: Synchronization can cause a parser reload if a Flex Parser is deployed in the update cycle. This is acceptable once or twice a day, but a number of back-to-back parser reloads can cause packet loss at the Decoder. If this is the initial setup and you haven’t configured Live resource subscriptions, do not Synchronize Now. Wait until you have configured subscriptions.

Additional Live Services

Note: Click on Learn about the data RSA is collecting. For more information, see Live Feedback Overview.

The following table describes the Additional Live Services features.

Feature | Description

Enable

By default, this option is enabled and grayed out. You cannot disable the Live Feedback option.

Learn about the data RSA is collecting

Lists the types of data RSA is collecting:

  • Product Name

  • Product Version

  • Product Instance

  • Activation Key

  • Details of each Component such as:

    • ID

    • Name

    • Version

    • Instance ID

  • Metrics for each component

Apply

Applies the configured changes. The changes become effective immediately.

Note: This option is applicable only for Live Connect Threat Data Sharing (Beta).

About Live Feedback Participation

When you participate in Live Feedback, it collects relevant information for further improvement. For information on Live Feedback, see Live Feedback Overview.

When you install Security Analytics, you will be prompted to participate in Live Feedback. For information, see Configure Live Services Settings.

If needed, you can manually download historical usage data and share it with RSA. For information on how to download historical usage data and share it with RSA, see Upload Data to RSA for Live Feedback.
