000026969 - Alternative methods for adding users in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000026969
Applies To: RSA Security Analytics, RSA NetWitness NextGen, RSA NetWitness NwConsole
Issue: Alternative methods for adding users in RSA Security Analytics.
Provide alternatives to adding Users via Security Analytics (SA) UI or using NetWitness Administrator thick client.
How can I add users with NwConsole?
How can I add users through the REST interface?

NwConsole - Adding Users

Example of adding a local user to a broker using an NwConsole one-liner. The -c option separates multiple commands run within NwConsole.

NwConsole -c login localhost:50003 admin admin_acct_password -c /users addOrMod name=exampleuser password=exampleuserpassword groups=Administrators authType=netwitness queryLevel=3

Note: Enclose the password in single quotes (') if it contains special characters.


REST Interface - Adding Users

The REST interface is another way for an administrator to maintain appliances. It uses the HTTP protocol to transfer queries. Some administrators use it to script user management.


curl --user '$USERNAME:$PASS' 'http://$IPADDRESS:$PORT/users?msg=addOrMod&name=$USERNAMETOCREATE&password=$USERSPASSWORD&groups=$WHICHGROUP&queryLevel=1'



$USERNAME: Username of account used to run REST query e.g. admin

$PASS: Password of account used to run REST query

$IPADDRESS: your Appliance IP address

$PORT: REST port

$USERNAMETOCREATE: Username you wish to add

$USERSPASSWORD: User's password

$WHICHGROUP: The group the user will be a member of, e.g. Administrators

$QUERYLEVEL: The query level, which defines the maximum amount of time a query can run (queryLevel=1 in the command above)

Default query levels:


Query Level    Max Amount of Time a Query Will Be Allowed to Run
1              60
2              40
3              20
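
The addOrMod request above, built with every value percent-encoded and with the credentials handed to curl on stdin instead of the command line. This is an added example, not RSA's code; the function names and the NW_BASE, NW_ADMIN and NW_ADMIN_PASS variables are assumptions.

```sh
#!/bin/sh
# Added example, not RSA's code. NW_BASE (scheme://host:port), NW_ADMIN and
# NW_ADMIN_PASS are assumed environment variables; function names are hypothetical.

# Percent-encode every byte except RFC 3986 unreserved characters, so that
# '&', '=', '#', '%', '+' or spaces in a password cannot alter the query string.
urlencode() {
    out=''
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case "$hex" in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # Unreserved byte: emit the character itself via its octal escape.
                out="$out$(printf "\\$(printf '%03o' "0x$hex")")" ;;
            *)
                out="$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
        esac
    done
    printf '%s' "$out"
}

# Build the article's /users addOrMod URL.
# $1 base URL  $2 user to create  $3 password  $4 group  $5 query level
build_adduser_url() {
    printf '%s/users?msg=addOrMod&name=%s&password=%s&groups=%s&queryLevel=%s' \
        "$1" "$(urlencode "$2")" "$(urlencode "$3")" \
        "$(urlencode "$4")" "$(urlencode "$5")"
}

# Escape backslashes and double quotes for a quoted curl config-file value.
cfg_quote() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Send the request. The credentials and URL reach curl on stdin (--config -),
# so neither password appears in curl's argument list.
add_user() {
    url=$(build_adduser_url "$NW_BASE" "$1" "$2" "$3" "$4")
    printf 'user = "%s:%s"\nurl = "%s"\n' \
        "$(cfg_quote "$NW_ADMIN")" "$(cfg_quote "$NW_ADMIN_PASS")" "$url" |
        curl --silent --show-error --fail --config -
}
```

Call it as add_user NAME PASSWORD GROUP QUERYLEVEL after setting the three variables; the new user's password still travels in the query string, which is what the hashed variant below addresses.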

Hint: You may not want to send the password in cleartext via REST; you can send the password as a hash instead.


curl --user '$USERNAME:$PASS' 'http://$IPADDRESS:$PORT/users?msg=addOrMod&name=$USERNAMETOCREATE&password=$HASH&pwdIsHashed=true&groups=$WHICHGROUP&queryLevel=1'

$HASH: The SHA256 hash of the user's password

Note: For Security Analytics 10.3.X and later versions, this needs to be a salted SHA256 hash.
Legacy Article ID: a64782