ESA Config: Change Default Storage Passwords

Document created by RSA Information Design and Development on Nov 24, 2016Last modified by RSA Information Design and Development on Feb 9, 2017
Version 2Show Document
  • View in full screen mode
  

This  topic tells administrators how to change default storage passwords for database accounts that store alerts in ESA, Incident Management and Data Science.

Security Analytics 10.5 uses MongoDB as the database to store alerts in the following modules:

  • ESA
  • Incident Management
  • Data Science

The database in each module has an account to control access and each Security Analytics service account has a default password.

To strengthen security, RSA recommends that you change default passwords. Some organizations do not allow default passwords. In those cases, the procedures in this topic would be required.

This topic explains how to change the default storage password for the database account in each module.

Previous ESA Storage Password

ESA was introduced in Security Analytics 10.3 when the database was in PostgreSQL. If you used ESA in version 10.3 and created a custom password for the PostgreSQL database, it has no impact on MongoDB. When you install or or upgrade to Security Analytics 10.5, MongoDB is installed with a default password. 

Incident Management and Data Science were introduced in Security Analytics 10.4 so they have only used MongoDB.

Dependencies

MongoDB has a master admin account that has privileges over the database accounts for the ESA, IM and Data Science services.

Note: You must change the admin account password first. You can change passwords for the services in any sequence.

ESA is a requirement for Incident Management and Data Science. The configuration for each module points to the host that runs the ESA service. Databases for ESA, Incident Management and Data Science are located on the host that runs the ESA service. 

Database Privileges

The following figure shows the privileges assigned to each account during the installation or upgrade process. 

                              
AccountPrivilegesDatabase
adminreadWriteAnyDatabase
userAdminAnyDatabase
dbAdminAnyDatabase
All
Event Stream AnalysisreadWrite
dbAdmin
clusterAdmin
ESA
Incident ManagementreadWrite
dbAdmin
clusterAdmin
IM
Data SciencereadWrite
dbAdmin
clusterAdmin
Data Science

For details on changing each password, see:

You are here
Table of Contents > Additional ESA Procedures > Change Default Storage Passwords

Attachments

    Outcomes