This guide provides instructions for configuring the service and a configuration checklist to guide users through the setup of IPDB Extractor Service. Each task in the checklist is described in a separate procedure, and a separate reference topic provides details on the configuration parameters. When all tasks in the checklist are complete or deemed unnecessary in the case of options tasks, Security Analytics is ready for analysts to report using IPDB.
IPDB and the IPDB Extractor Service
This topic introduces the IPDB Extractor service and its role in the Reporting Module.
You can choose the Internet Protocol Database (IPDB) as the source of your data when generating reports in the RSA Security Analytics Reporting module. The IPDB Extractor service sends data from the IPDB to the Reporting Engine. The IPDB is the repository for both normalized and raw event messages. It stores all collected messages in a file system organized by event source (service), IP address, and time (year/month/day) with index files to facilitate searches (report and queries).
Note: The IPDB Extractor only supports Content 2.x Event Sources.
You can use the Live Manual Resource Deployment dialog to deploy the latest content to the IPDB Extractor service. Deployment stores the IPDB Extractor service content in /etc/netwitness/ng/envision/etc directory. The content consists of:
- The service xml for all service types that RSA supports.
- The ipaddr.tab file - IP address file.
- The ecat.ini file.
- The table-map.xml file - envision content to NetWitness meta map.