Hosts GS: Hosts View

Document created by RSA Information Design and Development on Jul 27, 2016
Version 1
 

In the Hosts view, you can manage and configure the hosts and host groups that are available to RSA Security Analytics modules. In the Hosts view, you can:

  • Quickly search for and locate a specific host or type of host, such as Decoder, Broker, or Concentrator
  • Add, edit, or delete hosts
  • Check for updates on hosts
  • Update hosts
  • View host statistics
  • Add, edit, or delete host groups
  • Sort hosts by Name and Host
  • Filter hosts by Name and Host
  • Clear provisions on hosts

Hosts can be physical or virtual and they can map to one or more types of services:

  • Archiver
  • Broker
  • Concentrator
  • Decoder
  • Event Stream Analysis
  • Incident Management
  • IPDB Extractor
  • Log Collector
  • Log Decoder
  • Malware Analysis
  • Reporting Engine
  • Warehouse Connector
  • Workbench

You can access the services on any host by clicking the button in the Services column for that host.

To access the Administration Hosts view, from any Security Analytics module, in the Security Analytics menu, select Administration > Hosts.

The following figure is an example of the Hosts view prior to 10.5.1.

10.5.0.xHostsVw.png

The following figure is an example of the Hosts view for 10.5.1 and later.

HstVwBasics.png

Features

The Hosts view has two panels:

  • Hosts panel
  • Groups panel

Hosts Panel

In the Hosts panel, you can view information about hosts and perform host operations such as adding, deleting, editing, discovering, updating, and rebooting. You can also obtain information about the services on the host and quickly toggle to the Services view to get detailed information on those services. The Hosts panel consists of a grid populated with the list of defined Security Analytics hosts and the Hosts Panel Toolbar.

This table describes the columns in the grid.

                                      
Column: Description

Checkbox (IconCheckbox.png): Selects a row for an action in the toolbar or in the Actions column. Selecting the checkbox in the column title selects or deselects all rows in the grid.

Name: The name of the host.

Host: The hostname or IP address of the host.

Services: Shows the number of services connected to the host; the color of the box indicates the status of the services. Green indicates that all of the connected services are started (for example, capturing or aggregating data). Yellow indicates that some of the connected services are started. Red indicates that the connected services are stopped.

Clicking the box shows the type of services connected to the host. Currently, the service types are Archiver, Broker, Concentrator, Decoder, Event Stream Analysis, Incident Management, IPDB Extractor, Log Decoder, Log Collector, Malware Analysis, Reporting Engine, Warehouse Connector, and Workbench. A solid green circle indicates that a connected service is started. A blank white circle indicates that a connected service is stopped.

105HstSrvcsListCapture.PNG

You can click the service links to toggle to the Services view for more information about the connected services.

Total Memory: Shows the total memory of the host.

CPU: Shows the CPU usage percentage.

OS: Shows the operating system installed on the host.

Uptime: Shows the amount of time that has passed since the host started.

Updates (updates earlier than 10.5.1): Prior to 10.5.1, the status of the host in reference to the Security Analytics YUM updates repository. Possible values include: Update to version-number, Update(number-of-RPMs-available-for-updates), Checking, Updating, Synchronizing, Reboot Required, Enabling, Unknown, Error, and Up-to-Date.

Updates (10.5.1 and later updates): For 10.5.1 and later, the status of the host in reference to the Security Analytics YUM updates repository. Possible values include:

  • Update - Update available, not applied. Update includes package updates exclusively.
  • cautionSign.png Update - Update available, not applied. Update includes package updates plus other updates such as a kernel.
  • cautionSign.png Conflicts (number-of-conflicts) - Pre-update host configuration has issues that prevent a successful update. See Troubleshooting 10.5.1 Pre-Update and Update Errors for instructions on how to resolve pre-update errors.
  • Update Error - Cannot apply one or more update packages. See Troubleshooting 10.5.1 Pre-Update and Update Errors for instructions on how to resolve update errors.
  • Checking - Checking for new updates.
  • Updating package of total-packages - Tracks the progress of the update by package.
  • Reboot Required - Host needs to be restarted for updates to take effect.

Actions: Provides an Actions menu (104Actions.png) for the selected host with actions that can be taken on the host. The Actions menu allows you to delete, edit (change the name and host name of the host), and reboot the host.

Groups Panel

The Groups panel provides a way to create logical groups of hosts. Once hosts are grouped, it is easier to perform operations on multiple hosts by interacting with each host in a group rather than individual hosts from an ungrouped list. In Security Analytics Live, groups can subscribe to resources while individual hosts cannot.

The Groups panel consists of a grid populated with a list of defined host groups and the Groups Panel Toolbar.

           
Column: Description

Name: The name of the host group. Clicking the group name in the Groups panel lists the hosts in that group on the Hosts panel.

<Blank>: Indicates the number of hosts in the group. Clicking the number of hosts in the group on the Groups panel lists the hosts in that group on the Hosts panel.