000029468 - How to reset the RSA Security Analytics Incident Management DB account password

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000029468
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Server, Incident Management
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform: CentOS
Platform (Other): MongoDB
O/S Version: EL6
Tasks:
The following steps will guide the user through the process for changing the Incident Management (IM) database account password.
  1. Connect to the ESA appliance via SSH as the root user.
  2. Log on to the Incident Management MongoDB database as the root user by issuing the command below.
    mongo im -u admin -p <current_password> --authenticationDatabase admin

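         NOTE: The default admin password is netwitness. A password passed on the command line is recorded in the shell history and is visible in the process list; if -p is given without a value, the mongo shell prompts for the password instead.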
  3. Execute the command below to change the IM account password.
    db.changeUserPassword('im','<new_password>')

  4. Log off from the MongoDB.
    exit

  5. Change the IM account password in the Security Analytics UI.
    1. In the Security Analytics UI, navigate to Administration -> Services.
    2. Select the Incident Management service, click on the Actions button, and select View -> Explore.
    3. In the directory tree, navigate to Incident Management -> Service -> configuration -> database.
    4. Change the value for Password to the new password set in step 3.
  6. Restart the Incident Management service using the steps below so that the change takes effect.
    1. In the Security Analytics UI, navigate to Administration -> Services.
    2. Select the Incident Management service, click on the Actions button, and select Restart.

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
Notes:
To verify that the new password entered into the UI matches that of the database, simply navigate to Incidents -> Alerts within the Security Analytics UI. If content is displayed as expected, then the password change was successful.
