You manage and configure the hosts and host groups that are available to RSA Security Analytics modules in the Hosts view. Use this view to perform the following tasks.
- Quickly search for and locate a specific host or type of host, such as Decoder, Broker, or Concentrator.
- Add, edit, or delete hosts.
- Check for updates on hosts.
- Update a host to a new version.
- Add, edit, or delete host groups.
- Sort hosts by Name and Host.
- Filter hosts by Name and Host.
- Clear provisions on hosts.
Hosts can be physical or virtual and they can map to one or more of the following services.
- Event Stream Analysis
- Incident Management
- IPDB Extractor
- Log Collector
- Log Decoder
- Malware Analysis
- Reporting Engine
- Warehouse Connector
You can access the services on any host by clicking the button in the Services column for that host.
Select Administration > Hosts in the Security Analytics menu to access the Hosts view from any Security Analytics module.
The Hosts view has two panels:
- Hosts panel
- Groups panel
In the Hosts panel, you can view information about hosts and perform host operations such as adding, deleting, editing, discovering, updating, and rebooting. You can quickly toggle to the Services view to get detailed information on those services. The Hosts panel contains the list of Security Analytics hosts in your Security Analytics deployment and the Hosts Panel Toolbar.
|Select a host or multiple hosts. If you select the checkbox in the column title, it selects all hosts.|
|Name||The name of the host.|
|Host||The hostname or IP address of the host.|
|Services||Displays the number of services connected to the host in the box. The color of the box indicates the status of the services. Green indicates that all of the connected services are started (for example, capturing or aggregating data). Yellow indicates that some of the connected services are started. Red indicates that the connected services are stopped. Click the box under Services to show the type of services connected to the host. Security Analytics services are the Archiver, Broker, Concentrator, Context Hub, Decoder, Event Stream Analysis, Incident Management, IPDB Extractor, Log Decoder, Log Collector, Malware Analysis, Reporting Engine, Warehouse Connector, and Workbench. A solid colored green circle indicates that a connected service is started. A blank and white circle indicates that a connected service is stopped. You can click the service links to toggle to the Services view for more information about the connected services.|
|Current Version||Displays the current version of the host.|
|Update Version||Displays the version or versions to which you can update the host. Select the version to which you want to update the host.|
For each host, displays availability of updates and the progress of the update after you initiate it. Refer to Updating a Host Version in The Basics for an illustration of the Host view with its update statuses.
The Groups panel provides a way to create logical groups of hosts. Once hosts are grouped, it is easier to perform operations on multiple hosts by interacting with each host in a group rather than with individual hosts from an ungrouped list.
Note: In Security Analytics Live, groups can subscribe to resources while individual hosts cannot.
The Groups panel consists of a grid populated with a list of defined host groups and the Groups Panel Toolbar.
|Name||The name of the host group. Click the group name in the Groups panel to list the hosts in that group on the Hosts panel.|
Indicates the number of hosts in the group. Click the number of hosts in the group on the Groups panel to list the hosts in that group on the Hosts panel.