000030924 - Malware Analysis cannot connect to the ThreatGRID web service in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030924
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.3.x, 10.4.x
Platform: CentOS
Platform (Other): ThreatGRID
O/S Version: EL5, EL6
IssueThe /var/lib/rsamalware/spectrum/logs/spectrum.log file reports the error message below when the Malware Analysis appliance attempts to connect to the ThreatGRID web service.
ERROR com.netwitness.api.services.result.EvaluationContext - Exception raised while evaluating event 0 : java.lang.RuntimeException: Could not generate DH keypair
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
CauseIn Java versions 1.7.0_74 and older, the prime size must be a multiple of 64, and can only range from 512 to 1024, while ThreatGRID only accepts a minimum prime size of 2048.
ResolutionTo resolve the issue, perform the steps below.
  1. Download the RSA Security Analytics Q2 2015 Security Patch.
  2. Add the packages into Security Analytics Updates Repository as instructed in the Security Analytics User Guide.
  3. Connect to the Malware Analysis appliance via SSH as the root user.
  4. Issue the command below to update Java.
    yum update java

  5. Restart the Malware Analysis service on the appliance.
    stop rsaMalwareDevice
    start rsaMalwareDevice

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
NotesThe full error message from the spectrum.log file is attached to this article as a text file.