000030428 - RSA Security Analytics Malware Cloud Connectivity Failure

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030428
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Malware Analysis, Malware Analysis CoLo
RSA Version/Condition: 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.4.0, 10.4.0.1, 10.4.0.2, 10.4.1, 10.4.1.1, 10.5.0, 10.5.0.1
Platform: CentOS
O/S Version: EL6
IssueRSA has identified an issue with the Malware Analysis client certificate model that will prohibit access to the RSA Malware Analysis cloud services if not updated to prevent community scoring failures.
When the issue is occurring, the spectrum.log will report an error similar to the example below.

2015-07-06 13:36:31,788 [nextGenEventExecutor-18(ModuleTask@3e76c437 x.x.x.x:56003/334955832730)] WARN  com.netwitness.malware.server.modules.rulegroup.internet.InternetModule - Not able to call cloud/community due to = peer not authenticated
Resolution

CAUTION: If the following Hot Fix / Upgrade is not applied, the Malware appliance will not be able to successfully connect to the Malware cloud, thus Community Results will fail.
To fix this issue follow the recommended Hot Fix/Upgrade chart. All "Must upgrade to ..." within the Recommended Fix column means that version must be upgraded to and then that version's Hot Fix must be applied.
For example, if you are currently running 10.3.1 in your environment. You must upgrade to 10.3.3 first and then apply the 10.3.3 hot fix mentioned in the chart below.
If there are any questions about what version to upgrade to and which hot fix to apply, please contact RSA Support.
 


Please follow the instructions in ReadMe.txt to apply the Hot Fix.


ReleaseAffectedRecommended FixHF Release Date
10.3.0YesMust upgrade to 10.3.3 + Hot FixN/A
10.3.1YesMust upgrade to 10.3.3 + Hot FixN/A
10.3.2YesMust upgrade to 10.3.3 + Hot FixN/A
10.3.3YesMalware Hot Fix
   Malware CoLo Hot Fix
6/10/2015
10.3.4YesMust upgrade to 10.3.5 + Hot FixN/A
10.3.5YesMalware Hot Fix
   Malware CoLo Hot Fix
6/10/2015
10.4.0YesMalware Hot Fix
   Malware CoLo Hot Fix
6/10/2015
10.4.0.1YesMust upgrade to 10.4.0.2 + Hot FixN/A
10.4.0.2YesMalware Hot Fix
   Malware CoLo Hot Fix
6/10/2015
10.4.1YesMalware Hot Fix
   Malware CoLo Hot Fix
6/10/2015
10.4.1.1YesMalware Hot Fix

   Malware CoLo Hot Fix
6/10/2015
10.5.0YesUpgrade to SA 10.5.0.2 or
   Malware Hot Fix
   Malware Colo Hot Fix
6/21/2015
10.5.0.1YesUpgrade to SA 10.5.0.2 

Attachments

    Outcomes