Host GS: Hosts View

Document created by RSA Information Design and Development on Nov 23, 2016

You manage and configure the hosts and host groups that are available to RSA Security Analytics modules in the Hosts view. Use this view to perform the following tasks.

  • Quickly search for and locate a specific host or type of host, such as Decoder, Broker, or Concentrator.
  • Add, edit, or delete hosts.
  • Check for updates on hosts.
  • Update a host to a new version.
  • Add, edit, or delete host groups.
  • Sort hosts by Name and Host.
  • Filter hosts by Name and Host.
  • Clear provisions on hosts.

Hosts can be physical or virtual and they can map to one or more of the following services.

  • Archiver
  • Broker
  • Concentrator
  • Decoder
  • Event Stream Analysis
  • Incident Management
  • IPDB Extractor
  • Log Collector
  • Log Decoder
  • Malware Analysis
  • Reporting Engine
  • Warehouse Connector
  • Workbench

You can access the services on any host by clicking the button in the Services column for that host.

Select Administration > Hosts in the Security Analytics menu to access the Hosts view from any Security Analytics module.

Features

The Hosts view has two panels:

  • Hosts panel
  • Groups panel

Hosts Panel

In the Hosts panel, you can view information about hosts and perform host operations such as adding, deleting, editing, discovering, updating, and rebooting. You can quickly toggle to the Services view to get detailed information on the services connected to a host. The Hosts panel contains the list of Security Analytics hosts in your Security Analytics deployment and the Hosts Panel Toolbar.

                                       
Column - Description
Checkbox - Select a host or multiple hosts. If you select the checkbox in the column title, it selects all hosts.
Name - The name of the host.
Host - The hostname or IP address of the host.
Services - Displays the number of services connected to the host in the box. The color of the box indicates the status of the services. Green indicates that all of the connected services are started (for example, capturing or aggregating data). Yellow indicates that some of the connected services are started. Red indicates that the connected services are stopped.

Click the box under Services to show the type of services connected to the host. Security Analytics services are the Archiver, Broker, Concentrator, Context Hub, Decoder, Event Stream Analysis, Incident Management, IPDB Extractor, Log Decoder, Log Collector, Malware Analysis, Reporting Engine, Warehouse Connector, and Workbench. A solid colored green circle indicates that a connected service is started. A blank and white circle indicates that a connected service is stopped.

You can click the service links to toggle to the Services view for more information about the connected services.

Current Version - Displays the current version of the host.
Update Version - Displays the version or versions to which you can update the host. Select the version to which you want to update the host.

  • When only one version is available, Security Analytics displays the version number. Click it to select it.
  • When there are multiple versions available, Security Analytics displays Select Version. Click Select Version and select a version from the drop-down list.
Status - For each host, displays the availability of updates and the progress of the update after you initiate it. Refer to Updating a Host Version in The Basics for an illustration of the Hosts view with its update statuses.

  • Update Available - One or more updates are available, but not applied.
  • Update Path Not Supported - If you have a non-Security Analytics Server host running a version that is earlier than the 10.6.0 update path (for example 10.4.0) and you updated your Security Analytics Server Host to 10.6.0, the non-Security Analytics Server host will display “Update Path Not Supported” in the Status column of the Hosts view and you cannot update it from this view. To update the non-Security Analytics Server host on the unsupported path:
    1. Make sure that your Local Update Repository has the rpm zip file for the minimum supported version (for example 10.4.1.0). See Populate Local Update Repository in the Security Analytics 10.6.0.0 Update Instructions.
    2. SSH to the non-Security Analytics Server host and edit the /etc/yum/vars/sarelease file so that it contains the version to which you intend to update, such as '10.6.0.0'. (baseurl = http/smcupdate.netwitness.com/rsa/updates.10.4.1).
    3. Run yum clean all
      Before you run yum update, verify that the host can be updated to that version.
    4. Run yum update
  • Host Version cannot be determined - Contact Customer Care. 
  • In Queue for Update - If you select multiple hosts to update, Security Analytics displays In Queue for Update while it applies the version to each host.
  • Downloading n of n - Tracks progress of the update download by file.
  • Running Pre-Update Checks - Checking your current version configuration to ensure that it has no conflicts.
  • Update warning. View details - Found an issue in your existing configuration that does not prevent you from updating to the new version. Click View details to display the warning message dialog.
  • Update conflict. View details - Found a conflict in your current version that blocks the update. Click View details to display the conflict message dialog. You must resolve this conflict to proceed with the update. See Troubleshooting 10.6 Pre-Update and Update Warnings, Conflicts, and Errors for instructions on how to resolve configuration conflicts.
  • Download error. View details - could not download version update file from your Local Update Repository. See Populate Local Update Repository in the System Maintenance guide.
  • Initiating Update - Initiating the update.
  • Updating n of n packages - Tracks progress of update package by package. 
  • Update error. View details -  Encountered an error during the update. Click View details to display the error message dialog. You must resolve this conflict to proceed with the update. See Troubleshooting 10.6 Pre-Update and Update Warnings, Conflicts, and Errors for instructions on how to resolve update errors.
  • Reboot Host - Click Reboot Host in the toolbar to reboot the host for updates to take effect.
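
The manual steps listed under Update Path Not Supported, written as a guarded shell script. This is an added example, not RSA-supplied code; it assumes that the sarelease file holds the bare version string on one line and that yum check-update is an acceptable way to verify that an update is offered. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not RSA code): steps 2-4 of the manual update procedure.

# Path named in step 2; overridable so the script can be tried on a copy.
SARELEASE_FILE="${SARELEASE_FILE:-/etc/yum/vars/sarelease}"

# Accept only dotted numeric versions such as 10.6.0.0 or 10.4.1, so a typo
# or stray shell metacharacter never ends up in a yum variable.
valid_version() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){2,3}$'
}

# Step 2: write the target version, keeping the previous value in <file>.bak.
# Assumption: the file contains only the version string.
set_sarelease() {
    target="$1"
    file="${2:-$SARELEASE_FILE}"
    valid_version "$target" || { echo "invalid version: $target" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 3; }
    cp -p "$file" "$file.bak" || return 4
    printf '%s\n' "$target" > "$file"
}

# Steps 3 and 4: clear cached metadata, confirm that an update is offered,
# then update. yum check-update exits 100 when updates are available,
# 0 when there are none, and 1 on error.
run_update() {
    yum clean all || return 1
    rc=0
    yum check-update >/dev/null || rc=$?
    if [ "$rc" -ne 100 ]; then
        echo "no update offered (yum check-update exit $rc); not updating" >&2
        return 1
    fi
    yum update
}

# Typical use as root on the non-Security Analytics Server host:
#   set_sarelease 10.6.0.0 && run_update
```

If the check fails, restore the previous value from /etc/yum/vars/sarelease.bak before investigating the repository.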

Groups Panel

The Groups panel provides a way to create logical groups of hosts. Once hosts are grouped, it is easier to perform operations on multiple hosts, because you work with the hosts in a group rather than with individual hosts from an ungrouped list.

Note: In Security Analytics Live, groups can subscribe to resources while individual hosts cannot.

The Groups panel consists of a grid populated with a list of defined host groups and the Groups Panel Toolbar.

                   
Column - Description
Name - The name of the host group. Click the group name in the Groups panel to list the hosts in that group on the Hosts panel.
<Blank> - Indicates the number of hosts in the group. Click the number of hosts in the group on the Groups panel to list the hosts in that group on the Hosts panel.

 

 
