SA Cfg: Live Configuration Panel

Document created by RSA Information Design and Development on Jul 29, 2016Last modified by RSA Information Design and Development on Dec 2, 2016
Version 2Show Document
  • View in full screen mode
  

To activate your Live account for Security Analytics, please contact RSA Customer Care. When you have confirmation that your Live account has been set up on the RSA Content Management System (CMS), you can configure and test the CMS server connection as described in Configure Live Settings.

The Live Configuration panel provides the user interface to configure:

  • The Live account and access to the Content Management System server.
  • The Live subscription update schedule and preferences for notification of updates.
  • Participation in Live Intelligence Sharing.

To access this view:

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Live.

LiveAcct.png

Features

The Live Configuration panel has three sections: Live Account, Intelligence Sharing, and Subscription Settings.

Live Account Section

In the Live Account section, you must set up the user's Live account. The information needed to set up the user’s Live account consists of the Username, Password, and Live URL for the RSA Content Management System. This information is provided by Customer Care.

The Live Account section also has fields that you can use to configure Live access to the Internet through a proxy server. When configured to use a proxy server, Live issues requests to the RSA Content Management System using the proxy settings.

LiveAccount2.png

The following table describes the Live Account section features.

                                           
FeatureDescription

Username

The Live account user name as provided by RSA Customer Care.

Password

The Live account user password as provided by RSA Customer Care.

Host

The Live URL for the Content Management System. The default value points to the RSA CMS at cms.netwitness.com.

Port

The communications port for Live to send requests to the Content Management System. The default value for this field is 443, which is the communications port on the Content Management System.

Use SSL

Specifies that Live can communicate via SSL when the Decoder or Log Decoder requires it.

Use Proxy

Activates and deactivates the Proxy specification fields.

  • When checked, you can enter values to configure a proxy server.
  • When unchecked, the box tells Security Analytics Live to change from using a proxy server to issuing requests directly to the CMS.
Proxy Host

The hostname of the proxy server for LIve to use when sending requests to the Content Management System.

Proxy Port

The communications port on the proxy server for Live to send requests to the Content Management System.

Proxy Username

The username for Live to use when sending requests to the CMS via the proxy server.

Proxy Password

The password for Live to use when sending requests to the CMS via the proxy server.

Test connection

Tests the ability of Live to connect to the CMS as configured.

Apply

Saves and implements the proxy settings.

Intelligence Sharing Section

To implement Live Intelligence Sharing, this instance of Security Analytics queries a specific group of devices on a daily basis, packages the results and sends them to the RSA Live server. You can choose to participate and select a device group in the Intelligence Sharing section.

IntelligenceSharing2.png

The following table describes the Intelligence Sharing section features.

                
FeatureDescription
Participate in Live Intelligence Sharing

When selected, denotes agreement to participate in Live Intelligence Sharing.

Group of Devices to Query

An input field with drop-down selection list of available device groups.

Apply

Saves and implements the settings.

Subscription Settings Section

SubscriptionSettings.png

The following table describes the Subscription Settings features.

                         
FeatureDescription
Check for new updates

This setting dictates how often Security Analytics checks for new updates to Live Subscriptions and synchronizes subscribed resources and tags:

  • once a day
  • twice a day
  • four times a day
  • every hour
  • every other hour
  • every half hour

The default value for this setting is once a day.

Next Live synchronization is scheduled for

Displays the time and date of the next scheduled Live synchronization based on the configured interval for checking.

Email Addresses

Email addresses specified here receive messages containing a list of subscribed resources that have been updated in the last 24 hours.

HTML format

Specifies the format of email messages. Checked = HTML, not checked = text.

Synchronize Now

Instead of waiting for the next scheduled resource cycle, this option forces Live to begin immediate synchronization of the subscribed resources in this instance of Security Analytics.

Caution: Use this feature with caution because synchronization can cause a parser reload if a Lua Parser or FlexParser is deployed in the update cycle. This is acceptable once or twice a day, but a number of back-to-back parser reloads can cause packet loss at the Decoder. If this is the initial setup and you haven’t configured Live resource subscriptions, do not Synchronize Now. Wait until you have configured subscriptions.

Apply

Applies the changed configuration to the subscription synchronization behavior. The changes become effective immediately. The Next Live synchronization is scheduled for field is updated if the time changed.

You are here
Table of Contents > References > Live Services Configuration Panel

Attachments

    Outcomes