Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000029414 - Integrate ECAT Feed with RSA Security Analytics

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000029414
Applies To	RSA Security Analytics 10.3.x RSA Security Analytics 10.4.x
Issue	How to integrate ECAT Feed with RSA security Analytics
Tasks	How to integrate ECAT Feed with RSA security Anayltics
Resolution	1- Export public Ecat certificate a-From server\cert directory in Ecat get Ecat CA certificate 2- Import ECAT public certificate to SA UI Java Store a- cd /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/bin B- ./keytool -import -v -trustcacerts -alias ECAT -file /root/B64EcatCA.cer -keystore /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/lib/security/cacerts -keypass changeit -storepass changeit where -alias ECAT = a name to give the cert in the keystore (can be anything) -file /root/B64EcatCA.cer = exported CER from ECAT Server. Results should be like this: Owner: CN=EcatCA Issuer: CN=EcatCA Serial number: -271f479f6107d579bdb7a8766ca92be2 Valid from: Fri Sep 19 08:02:14 UTC 2014 until: Sat Dec 31 23:59:59 UTC 2039 Certificate fingerprints: MD5: F2:6D:82:EB:D1:74:D7:E7:BE:C5:FB:9A:B5:36:44:E9 SHA1: 1C:CF:89:77:F9:61:68:B5:F8:64:DF:36:BD:D9:F6:16:71:FA:3B:34 SHA256: 3B:55:B6:F1:2E:EE:F3:1D:7A:0C:02:AA:87:80:22:E0:A1:D5:E6:7B:91:22:81:A6:FC:04:0F:29:21:5E:89:21 Signature algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.1 Criticality=false 0000: 30 39 80 10 EC 0C AF 37 EA 39 B4 70 FA 3E 30 3C 09.....7.9.p.>0< 0010: AF 4A EF F4 A1 13 30 11 31 0F 30 0D 06 03 55 04 .J....0.1.0...U. 0020: 03 13 06 45 63 61 74 43 41 82 10 D8 E0 B8 60 9E ...EcatCA.....`. 0030: F8 2A 86 42 48 57 89 93 56 D4 1E .*.BHW..V.. Trust this certificate? [no]: yes Certificate was added to keystore [Storing /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/lib/security/cacerts] [root@RSASA bin]# 3- to check the keystore run this command and search by alias name you configured ./keytool -list -keystore /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/lib/security/cacerts \| grep -i ECAT Enter keystore password: changeit ecat, 21/09/2014, trustedCertEntry, 4- Restart jetty a-stop jettysrv b-start jettysrv 5-From SA UI Go to Live--->Feeds-->Add new Feed in URL insert the following URL https://EcatServerExported:9443/ext/feed/machines.csv Make sure that SA can resolve EcatServerExported to Ecat IP address either by DNS or putting this entry in hosts file Also Double confirm that SA can reach Ecat on the following port 9443 using openssl openssl s_client -connect EcatServerExported:9443 and check if you can see Connected or not this mean port is accessible If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Attachments

Outcomes

0 Comments

Recommended Content