000030500 - Users with the Analyst role are not able to run the on-demand malware scan in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030500
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Malware Analysis, Security Analytics UI, Security Analytics Server
RSA Version/Condition: 10.5.x, 10.6.0.0
Platform: CentOS
O/S Version: EL6
IssueA user who has the Analyst role has access to the Investigation and Malware Analysis modules.
However, when the user tries to run the on-demand Malware Analysis scan from the Investigation screen, it fails with an invalid username error.
The job gets submitted but fails because of the credentials.
The /var/lib/netwitness/uax/logs/sa.log file on the Security Analytics server reports an error similar to the example below.
2015-01-27 15:58:45,449 [CARLOS Message Dispatch 74211574] ERROR com.rsa.smc.sa.malware.job.MalwareOnDemandSchedulerManager - 10.25.51.158:56003 received error: Invalid username or password

The spectrum.log file on the Malware Analysis appliance reports errors similar to the following:
2015-01-27 15:58:45,421 [onDemandNextGenExecutor-3(#27 10.25.51.158:56003)] WARN com.rsa.netwitness.carlos.clients.nextgen.nw.NwClientPipeBase - 10.25.51.158:56003 received error: Invalid username or password
2015-01-27 15:58:45,424 [onDemandNextGenExecutor-3(#27 10.25.51.158:56003)] WARN com.rsa.netwitness.carlos.clients.nextgen.nw.NwClientPipeBase - 10.25.51.158:56003 received error: Invalid username or password
2015-01-27 15:58:45,425 [onDemandNextGenExecutor-3(#27 10.25.51.158:56003)] ERROR com.netwitness.malware.server.ondemand.job.OnDemandJob - Failed to get events: 10.25.51.158:56003 received error: Invalid username or password
com.netwitness.api.ondemand.OnDemandException: 10.25.51.158:56003 received error: Invalid username or password
ResolutionThis issue is currently being investigated by the Engineering team in order for it to be resolved in a future release.
If you have any additional questions or concerns regarding the issue, contact RSA Support and quote this article number for further assistance.

Attachments

    Outcomes