Log Collection Config: Configure Lockbox Security Settings

Document created by RSA Information Design and Development on May 9, 2016Last modified by RSA Information Design and Development on May 4, 2017
Version 6Show Document
  • View in full screen mode
  

This topic tells you how to configure Lockbox Security Settings. A new Lockbox stat corresponds to an Out-of-the-Box Alarm notification that monitors the status of the lockbox.

After completing this procedure, you will have:

  • Set the Lockbox password
  • Changed the Lockbox password
  • Reset the Stable System value
  • Generated a new encryption key
  • Displayed a Lockbox stat

Note: You can configure Health & Wellness to notify when there is an issue during Lockbox configuration.

Return to Procedures

The following figure shows you how to configure Lockbox Security Settings.

AddRCLA1(simple).png

Access the Services view.

LCParamConfigNav.png

Select a Log Collection service.
Click AdvcdExpandBtn.PNGunder Actions and select View > Config to display the Log Collection configuration parameter tabs.

LockBox.png

Select the Settings tab.
Modify the Lockbox parameters.

Procedures

Set the Lockbox Password

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
  4. Click the Settings tab.
  5. In the options panel, select Lockbox to maintain Lockbox settings.
  1. Under Lockbox Security Settings, enter a password in the New Lockbox Password field  and click Apply.

Change the Lockbox Password

In the Security Analytics menu, select Administration > Services.

  1. In the Services grid, select a Log Collector service.
  2. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
  3. Click the Settings tab.
  4. In the options panel, select Lockbox to maintain Lockbox settings.
  5. Enter the current password in the Old Lockbox Password field.
  6. Enter a new password in the New Lockbox Password field.
  7. Click Apply.
    Security Analytics changes the old password to the new password.

Create a New Lockbox

Caution: If you forgot the current password, you cannot retrieve it from the Lockbox. This means that you must recreate the lockbox.  If you recreate the lockbox, you have a new encryption key which means that passwords for any existing event sources will no longer be able to be decrypted.  You must then reset the password for each event source.

You may need to create a new lockbox if you forget your password, or if a catastrophic event occurs.

To create a new lockbox:

  1. On the Log Collector appliance, remove all the files in the directory /etc/netwitness/ng/vault.
  2. In the Security Analytics menu, select Administration > Services.
  3. In the Services grid, select a Log Collector service.
  4. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
  5. Click the Settings tab.
  6. In the options panel, select Lockbox to maintain Lockbox settings.
  7. Enter a new password in the New Lockbox Password field.

Note: Your password is not required in order to create a new lockbox.

  1. Click Apply.

Reset the Stable System Value

Caution: If several stable system values change due to system upgrades, you must update the host system fingerprint. If you do not update the host system fingerprint, the Log Collector cannot open the Lockbox and this will affect log collection

To reset the Lockbox password for new appliance hardware (set the system fingerprint on the new hardware):

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
  4. Click the Settings tab.
  5. Under Reset Stable System Value, enter a password in the Lockbox Password field and click Apply.

Generate New Encryption Key

If you generate a new encryption key, passwords for any existing event sources can no longer be decrypted so you must reset the password for each event source.

To generate a new encryption key that is applied to your event source password parameters:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
  4. Click the Settings tab.
  5. Under Generate New Encryption Key, click Apply.

Display Lockbox Stat

The Lockbox stat reflects the state of the lockbox and whether there are any event sources that use the lockbox. There is an alarm associated with the Lockbox stat that monitors the status of the lockbox. An alarm condition occurs when the Lockbox is in either a Not Found or Error Message state. 

The Lockbox stat can be one of the following values:

  • OK
  • Not Required
  • Not Found
  • Error Message

To display the Lockbox stat:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click AdvcdExpandBtn.PNGunder Actions and select View > Config.
  4. Click the System Stats Browser tab.

The following figure displays a Lockbox status that is in a Not Found state that triggers an alarm condition.

lbstat.png

You are here
Table of Contents > Log Collection Configuration Guide > Procedures > Step 2. Configure Settings > Configure Lockbox Security Settings

Attachments

    Outcomes