IPDB: IPDB and the IPDB Extractor Service

Document created by RSA Information Design and Development on Mar 21, 2017
Version 1

This topic introduces the IPDB Extractor service and its role in the Reporting module. You can choose the Internet Protocol Database (IPDB) as the source of your data when generating reports in the RSA Security Analytics Reporting module. The IPDB Extractor service sends data from the IPDB to the Reporting Engine. The IPDB is the repository for both normalized and raw event messages. It stores all collected messages in a file system organized by event source (service), IP address, and time (year/month/day), with index files to facilitate searches (reports and queries).

Note: The IPDB Extractor only supports Content 2.x Event Sources.

You can use the Live Manual Resource Deployment dialog to deploy the latest content to the IPDB Extractor service. Deployment stores the IPDB Extractor service content in the /etc/netwitness/ng/envision/etc directory. The content consists of:

  • The service XML for all service types that RSA supports.
  • The ipaddr.tab file - the IP address file.
  • The ecat.ini file.
  • The table-map.xml file - the enVision content to NetWitness meta map.
