In the Hosts view, you can manage and configure the hosts and host groups that are available to RSA Security Analytics modules. In the Hosts view, you can:
- Quickly search for and locate a specific host or type of host, such as Decoder, Broker, or Concentrator
- Add, edit, or delete hosts
- Check for updates on hosts
- Update hosts
- View host statistics
- Add, edit, or delete host groups
- Sort hosts by Name and Host
- Filter hosts by Name and Host
- Clear provisions on hosts
Hosts can be physical or virtual and they can map to one or more types of services:
- Event Stream Analysis
- Incident Management
- IPDB Extractor
- Log Collector
- Log Decoder
- Malware Analysis
- Reporting Engine
- Warehouse Connector
You can access the services on any host by clicking the button in the Services column for that host.
To access the Administration Hosts view, from any Security Analytics module, in the Security Analytics menu, select Administration > Hosts.
The following figure is an example of the Hosts view prior to 10.5.1.
The following figure is an example of the Hosts view for 10.5.1 and later.
The Hosts view has two panels:
- Hosts panel
- Groups panel
In the Hosts panel, you can view information about hosts and perform host operations such as adding, deleting, editing, discovering, updating, and rebooting. You can also obtain information about the services on the host and quickly toggle to the Services view to get detailed information on those services. The Hosts panel consists of a grid populated with the list of defined Security Analytics hosts and the Hosts Panel Toolbar.
This table describes the columns in the grid.
|Selects a row for an action in the toolbar or in the Actions column. Selecting the checkbox in the column title selects or deselects all rows in the grid.|
|Name||The name of the host.|
|Host||The hostname or IP address of the host.|
|Services||Indicates the number of services connected to the host and the color of the box indicates the status of the services. Green indicates that all of the connected services are started (for example, capturing or aggregating data). Yellow indicates that some of the connected services are started. Red indicates that the connected services are stopped.|
Clicking the box shows the type of services connected to the host. Currently service types are Archiver, Broker, Concentrator, Decoder, Event Stream Analysis, Incident Management, IPDB Extractor, Log Decoder, Log Collector, Malware Analysis, Reporting Engine, Warehouse Connector, and Workbench. A solid colored green circle indicates that a connected service is started. A blank white circle indicates that a connected service is stopped.
You can click the service links to toggle to the Services view for more information about the connected services.
|Total Memory||Shows the total memory of the host.|
|CPU||Shows the CPU usage percentage.|
|OS||Shows the operating system installed on the host.|
|Uptime||Shows the amount of time that has passed since the host started.|
(Updates earlier than 10.5.1)
|Prior to 10.5.1, the status of the host in reference to the Security Analytics YUM updates repository. Possible values include: Update to version-number, Update(number-of-RPMs-available-for-updates), Checking, Updating, Synchronizing, Reboot Required, Enabling, Unknown, Error, and Up-to-Date.|
(10.5.1 and later updates)
|For 10.5.1 and later, the status of the host in reference to the Security Analytics YUM updates repository. Possible values include:|
|Actions||Provides an Actions menu for the selected host with actions that can be taken on the host. The Actions menu allows you to delete, edit (change the name and host name of the host), and reboot the host.|
The Groups panel provides a way to create logical groups of hosts. Once hosts are grouped, it is easier to perform operations on multiple hosts by interacting with each host in a group rather than individual hosts from an ungrouped list. In Security Analytics Live, groups can subscribe to resources while individual hosts can not.
The Groups panel consists of a grid populated with a list of defined host groups and the Groups Panel Toolbar
|Name||The name of the host group. Clicking the group name in the Groups panel lists the hosts in that group on the Hosts panel.|
|<Blank>||Indicates the number of hosts in the group. Clicking the number of hosts in the group on Groups panel lists the hosts in that group on the Hosts panel.|