|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics Server, Security Analytics UI
RSA Version/Condition: 10.3.x, 10.4.x, 10.6.x
O/S Version: EL6
|Issue||At this time, the ability to export user information for system users into a readable format for auditing purposes is not available within the Security Analytics.|
|Tasks||This article will provide steps that explain how to query the underlying h2 database for the Security Analytics to list the user's table to the console and into a file.|
|Resolution||To have the ability to query the h2 database on the Security Analytics server, you must first obtain the h2-1.2.147.jar tool (http://repo1.maven.org/maven2/com/h2database/h2/1.2.147/h2-1.2.147.jar) and transfer it to the /var/lib/netwitness/uax/db directory using your preferred file transfer agent such as WinSCP or FileZilla.|
Alternatively, if the Security Analytics server appliance has Internet access, you can obtain the tool using the wget command with the instructions below.
The tool is placed in the /var/lib/netwitness/uax/db directory so that it can be easily accessible when needing to access the h2 database for the Security Analytics UI. However, using the tool against the active database instance requires the jettysrv service to be stopped, which will prevent access to the user interface. As an alternative, follow the steps below to create a copy of the database against which to query using the tool, which will allow the jettysrv service to remain running.
The output will be formatted in a CSV file formatted as follows:
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
|Notes||The screenshot below provides a demonstration of the procedure mentioned above.|