000016980 - Unable to perform Malware Analysis On-Demand scans using trusted connections in RSA Security Analytics 10.4.x and above

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 22, 2017.
Version 2

Article Content

Article Number: 000016980

Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.4.x, 10.5.x
Platform: CentOS
O/S Version: EL6

Issue: Unable to perform Malware Analysis On-Demand scans using trusted connections in RSA Security Analytics 10.4.x and 10.5.x.

The following error message is displayed in the Security Analytics UI when attempting to utilize the Scan for Malware feature: There is communication failure.  Please try again later.

An error message similar to the example below is displayed in /var/lib/netwitness/rsamalware/spectrum/logs/spectrum.log when attempting to perform an On-Demand scan.



2014-08-18 19:12:14,180 [onDemandNextGenExecutor-3(#422348 10.25.51.158:56003)] ERROR com.netwitness.malware.server.si.ondemand.OnDemandNextGenService - Failed to get events: 10.25.51.158:56003 received error: Parameter username: Value cannot be empty
com.netwitness.api.ondemand.OnDemandException: 10.25.51.158:56003 received error: Parameter username: Value cannot be empty
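
To confirm that a given spectrum.log shows this symptom and to see which service endpoints (the host:port in the message) are returning it, the check below parses the line format shown above. It is an added example, not RSA code; the function name and every sample line after the first two are constructed for illustration.

```python
import re
import sys
from datetime import datetime

# Format of the ERROR line shown in the article's spectrum.log excerpt.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[[^\]]*\] ERROR \S+ - "
    r"Failed to get events: (?P<endpoint>\S+:\d+) received error: (?P<error>.*)$"
)
SIGNATURE = "Parameter username: Value cannot be empty"

# Sample input: the first two lines are the article's excerpt, the rest are constructed.
SAMPLE = """\
2014-08-18 19:12:14,180 [onDemandNextGenExecutor-3(#422348 10.25.51.158:56003)] ERROR com.netwitness.malware.server.si.ondemand.OnDemandNextGenService - Failed to get events: 10.25.51.158:56003 received error: Parameter username: Value cannot be empty
com.netwitness.api.ondemand.OnDemandException: 10.25.51.158:56003 received error: Parameter username: Value cannot be empty
2014-08-18 19:20:02,511 [onDemandNextGenExecutor-4(#422351 10.25.51.158:56003)] ERROR com.netwitness.malware.server.si.ondemand.OnDemandNextGenService - Failed to get events: 10.25.51.158:56003 received error: Parameter username: Value cannot be empty
2014-08-18 19:25:40,007 [onDemandNextGenExecutor-5(#422360 192.0.2.20:56003)] ERROR com.netwitness.malware.server.si.ondemand.OnDemandNextGenService - Failed to get events: 192.0.2.20:56003 received error: Connection refused
"""

def empty_username_failures(lines):
    """Group matching errors by endpoint: {endpoint: [count, first_seen, last_seen]}."""
    hits = {}
    for line in lines:
        # Exception continuation lines carry no timestamp, so they are not double counted.
        m = LINE_RE.match(line.rstrip("\r\n"))
        if not m or m.group("error").strip() != SIGNATURE:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f")
        rec = hits.setdefault(m.group("endpoint"), [0, ts, ts])
        rec[0] += 1
        rec[1], rec[2] = min(rec[1], ts), max(rec[2], ts)
    return hits

if __name__ == "__main__":
    # With a path argument, read that log; otherwise use the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            found = empty_username_failures(fh)
    else:
        found = empty_username_failures(SAMPLE.splitlines())
    for endpoint, (count, first, last) in sorted(found.items()):
        print("%s: %d failure(s), %s to %s" % (endpoint, count, first, last))
```

Pass the path /var/lib/netwitness/rsamalware/spectrum/logs/spectrum.log as the first argument to run it against the real log.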


Cause: This issue occurs because the trusted security model, as currently implemented, does not address the need for a service that resides on one physical/virtual appliance to trust a service on a different physical/virtual appliance.
Workaround: To resolve the issue, perform the trusted connections process again on the Concentrator, following the steps below.
  1. On the Administration -> Services page in the Security Analytics UI, disable the trusted connections for the Concentrator.
  2. Perform a Test Connection and click on the Save button.
  3. Edit the Concentrator service again and enable the trusted connections, removing the credentials if they are present.
  4. Perform a Test Connection again and click on the Save button.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
Notes: The co-located Malware Analysis (Malware CoLo) service is not affected by this issue.
Legacy Article ID: a67622
