SA Cfg: Live Services Configuration Panel

Document created by RSA Information Design and Development on Jul 22, 2016Last modified by RSA Information Design and Development on Dec 2, 2016
Version 4Show Document
  • View in full screen mode
  

This topic introduces the features of the System View > Live Services Configuration panel for setting up your Live account and the CMS server connection.

Live Account consists of two sections, namely RSA Live Status and Download Live Feedback Activity Log. You must Sign In by entering your Live Account credentials to access the Live Services. To activate your Live account for Security Analytics, please contact RSA Customer Care. When you have confirmation that your Live account has been set up, you can configure the CMS server connection as described in Configure Live Services Settings.

The Live Services panel provides the user interface for :

  • The Live account
  • The Live Content update schedule and preferences for notification of updates
  • Participation in Live Feedback
  • RSA Live Connect (Beta)

New Features Enabled Dialog

When you log onto Security Analytics for the first time, you will be prompted with New Features Enabled dialog.

                   
FeatureDescription

Accept

Clicking Accept indicates that you agree to the following:

  • Participate in Live Feedback
  • Allow Security Analytics to send RSA the usage metrics and version of SA hosts about your environment to RSA, provided a Live Account is configured.
  • Receive threat intelligence data from Live Connect.

View Settings

Clicking View Settings redirects you to the Live Services UI to view the settings. If you have not configured the Live Account, a masked screen is displayed.

For information on Live Feedback, see Live Feedback Overview.

For information on Analyst Behaviors and Data Sharing, see the Security Analytics Feedback and Data Sharing topic in the Live Services Management Guide.

For information on Live Connect Threat Insights, see Configure Live Services Settings.

Live Services View

You access this view in the Security Analytics menu, Administration > System > Live Services.

Note: If you are not signed in with your Live Account credentials, a masked screen is displayed.

LiveNotSignedIn.png

Features

The Live Configuration panel has three sections: Live Account, Live Content, and Additional Live Services.

Live Account Section

In the Live Account section, you must enter the Live credentials. The information needed to set up the user’s Live account consists of the Username, Password, and Live URL for the RSA Content Management System. This information is provided by Customer Care.

The following table describes the Live Account section features.

                                       
FeatureDescription

Host

The Live URL for the Content Management System. The default value points to the RSA CMS at cms.netwitness.com.

Port

The communications port for Live to send requests to the Content Management System. The default value for this field is 443, which is the communications port on the Content Management System.

SSL

Allows the user to communicate via SSL.

Username

The Live account user name as provided by RSA Customer Care.

Password

The Live account user password as provided by RSA Customer Care.

Test connection

Tests if the connection is successful or not.

Apply

Saves and applies the configuration.

The Live Account section, provides an option to download and share the Live Feedback historical data by clicking Live Feedback Activity Log.

For more information about how to download historical data, see Upload Data to RSA for Live Feedback.

Live Content Section

You can configure the Live Content Synchronization interval and notification at which Security Analytics checks for new updates to Live Content:

Use the Check for New Updates field to change the interval. Select an interval from the drop-down list. The default value for this setting is once a day.

The following table describes the Live Content features.

                                   
FeatureDescription
Check for new updates

This setting dictates how often Security Analytics checks for new updates to Live Subscriptions and synchronizes subscribed resources and tags:

  • once a day

  • twice a day

  • four times a day

  • every hour

  • every other hour

  • every half hour

The default value for this setting is once a day.

Next CheckDisplays the time and date of the next scheduled Live synchronization based on the configured interval for checking.
Email Addresses

Email addresses specified here receive messages containing a list of subscribed resources that have been updated in the last 24 hours.

HTML format

Specifies the format of email messages.

  • Checked = HTML
  • Not checked = text
Check Now

Instead of waiting for the next scheduled resource cycle, this option forces Live to begin immediate synchronization of the subscribed resources in this instance of Security Analytics.

Caution: Use this feature with caution because synchronization can cause a parser reload if a Lua Parser or Flex Parser is deployed in the update cycle. This is acceptable once or twice a day, but a number of back-to-back parser reloads can cause packet loss at the Decoder. If this is the initial setup and you haven’t configured Live resource subscriptions, do not Synchronize Now. Wait until you have configured subscriptions.

ApplyApplies the changed configuration to the subscription synchronization behavior. The changes become effective immediately. The Next Live synchronization is scheduled for field is updated if the time changed.

Force Immediate Synchronization

To force immediate synchronization, click Check Now. Security Analytics checks for updates in subscribed resources.

Instead of waiting for the next scheduled resource cycle, this option forces Live to begin immediate synchronization of the subscribed resources in this instance of Security Analytics. One use for this is to see the immediate impact of a configuration change. For example, a new service has been added, or new resources have been toggled for automatic deployment. The scheduled synchronization could take place hours later if Security Analytics Live is set to synchronize a few times a day.

Caution: Synchronization can cause a parser reload if a Flex Parser is deployed in the update cycle. This is acceptable once or twice a day, but a number of back-to-back parser reloads can cause packet loss at the Decoder. If this is the initial setup and you haven’t configured Live resource subscriptions, do not Synchronize Now. Wait until you have configured subscriptions.

Additional Live Services

Note: Click on Learn more to know more about the data RSA is collecting. For more information, see Live Feedback Overview.

The following tables describes the Additional Live Services features.

                               
FeatureDescription
Learn more (For Live Feedback)

Lists the types of data RSA is collecting:

  • Product Name

  • Product Version

  • Product Instance

  • Activation Key

  • Details of each Component such as:

    • ID

    • Name

    • Version

    • Instance ID

  • Metrics for each component

Learn more (For RSA Live Connect)Provides more information about Live Connect service and configuring Live Services.

Enable (Threat Insights)

Enables Threat Insights feature where Live Connect is added as a data source for Context Hub service and the analyst can pull threat intel data during investigation. Ensure that context hub is already configured before enabling this feature.

This option is enabled by default (checked)

Enable (Analyst Behaviors)Enables Security Analytics to send anonymous, technical data about your environment to RSA. This option is enabled by default (checked)
Apply

Applies the configured changes. The changes become effective immediately.

Note: This option is applicable only for Threat Insights and Analyst Behaviors.

About Live Feedback Participation

When you participate in Live Feedback, it collects relevant information for further improvement. For information on Live Feedback, see Live Feedback Overview.

When you install Security Analytics, you will be prompted to participate in Live Feedback. For information, see .Configure Live Services Settings

If needed, you can manually download historical usage data and share it with RSA. For information on how to download historical usage data and share it with RSA, see Upload Data to RSA for Live Feedback.

You are here
Table of Contents > References > Live Services Configuration Panel

Attachments

    Outcomes