Log Collection Config: Configure Lockbox Security Settings

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1
 

After completing this procedure, you will have:

  • Set the Lockbox password
  • Changed the Lockbox password
  • Reset the Stable System value
  • Generated a new encryption key

Note: You can configure Health & Wellness to notify you when there is an issue during Lockbox configuration.


The following procedure explains how to configure Lockbox Security Settings.

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Log Collection service.
  3. Click the icon (AdvcdExpandBtn.PNG) under Actions and select View > Config to display the Log Collection configuration parameter tabs.
  4. Select the Settings tab.
  5. Modify the Lockbox parameters.

Set the Lockbox Password

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the icon (AdvcdExpandBtn.PNG) under Actions and select View > Config.
  4. Click the Settings tab.
  5. In the options panel, select Lockbox to maintain Lockbox settings.
  6. Under Lockbox Security Settings, enter a password in the New Lockbox Password field and click Apply.

Change the Lockbox Password

Caution: If you forget the current password, you cannot retrieve it from the Lockbox, so you must recreate the Lockbox. Recreating the Lockbox generates a new encryption key, which means that passwords for any existing event sources can no longer be decrypted. You must then reset the password for each event source.

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the icon (AdvcdExpandBtn.PNG) under Actions and select View > Config.
  4. Click the Settings tab.
  5. In the options panel, select Lockbox to maintain Lockbox settings.
  6. Enter the current password in the Old Lockbox Password field.
  7. Enter a new password in the New Lockbox Password field.
  8. Click Apply.
    Security Analytics changes the old password to the new password.

Reset the Stable System Value

Caution: If several stable system values change due to system upgrades, you must update the host system fingerprint. If you do not update the host system fingerprint, the Log Collector cannot open the Lockbox, and this will affect log collection.

To reset the Lockbox password for new appliance hardware (set the system fingerprint on the new hardware):

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the icon (AdvcdExpandBtn.PNG) under Actions and select View > Config.
  4. Click the Settings tab.
  5. Under Reset Stable System Value, enter a password in the Lockbox Password field and click Apply.

Generate New Encryption Key

Caution: If you generate a new encryption key, passwords for any existing event sources can no longer be decrypted, so you must reset the password for each event source.

To generate a new encryption key that is applied to your event source password parameters:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the icon (AdvcdExpandBtn.PNG) under Actions and select View > Config.
  4. Click the Settings tab.
  5. Under Generate New Encryption Key, click Apply.

Parameters

Lockbox Configuration Parameters
