IPDB: IPDB and the IPDB Extractor Service

Document created by RSA Information Design and Development on May 3, 2016. Last modified by RSA Information Design and Development on Sep 1, 2016.
Version 3

This topic introduces the IPDB Extractor service and its role in the Reporting module. You can choose the Internet Protocol Database (IPDB) as the source of your data when generating reports in the RSA Security Analytics Reporting module. The IPDB Extractor service sends data from the IPDB to the Reporting Engine. The IPDB is the repository for both normalized and raw event messages. It stores all collected messages in a file system organized by event source (service), IP address, and time (year/month/day), with index files to facilitate searches (reports and queries).

Note: The IPDB Extractor only supports Content 2.x Event Sources.

You can use the Live Manual Resource Deployment dialog to deploy the latest content to the IPDB Extractor service. Deployment stores the IPDB Extractor service content in the /etc/netwitness/ng/envision/etc directory. The content consists of:

  • The service XML for all service types that RSA supports.
  • The ipaddr.tab file - IP address file.
  • The ecat.ini file.
  • The table-map.xml file - enVision content to NetWitness meta map.
