Host GS: The Basics

Document created by RSA Information Design and Development

on Mar 21, 2017

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

A host is the machine on which a service runs and a host can be a physical or virtual machine.

A service performs a unique function, such as collecting logs or archiving data. Each service runs on a dedicated port and is modeled as a plugin to enable or disable, according to the function of the host.

You must configure the following Core services first:

Decoder
Concentrator
Broker
Log Decoder

All the services are listed below and each service except the Log Collector has its own guide or shares a guide in the Host and Services Configuration Guides. The Log Collector has its own set of configuration guides to handle the configuration for all the supported event collection protocols. For Log Collector information, see Log Collection Guides.

Archiver
Broker
Concentrator
Decoder
Event Stream Analysis
Context Hub
Incident Management
IPDB Extractor
Log Collector
Log Decoder
Malware Analysis
Reporting Engine
Warehouse Connector
Workbench

You must configure hosts and services to communicate with the network and each other so they can perform their functions such as storing or capturing data.

Maintaining Hosts

You use the Host view to add, edit, delete, and perform other maintenance tasks for the hosts in your deployment. See:

Host Setup Procedures - minimum tasks you must complete to set up a host in Security Analytics.
Host Maintenance Procedures - host maintenance tasks that you perform from the Hosts view.
Host Procedures from the Task List Dialog - tasks relating to a host and its communications with the network that you perform from the Task List dialog.

After your initial implementation of Security Analytics, the major task you perform from the Host view is updating your Security Analytics deployment to a new version.

Update Version Naming Convention

You use the Hosts view to apply the latest version updates from your Local Update Repository (see the Manage Security Analytics Updates topic in System Maintenance for more information on your Local Update Repository). You must understand the update version naming convention to know which version you want to apply to the host. The naming convention is major-release.minor-release.service-pack.patch. For example, if you choose 10.6.1.2, you would be applying the following version to the host.

10 = major release
6 = minor release
1 = service pack
2 = patch

Updating a Host Version

You use the Hosts view to update a host to a new version. The following example illustrates how to do this. When there are version updates available for a host, Update Available is displayed in the Status column and you choose the update from the Select Version column. See Apply Updates for detailed instruction on how to apply a new version update to a host.

Note: If you cannot find a version, you may need to populate your local update repository. For more information, see the Populate Local Update Repository topic in System Maintenance.

1	Select the version from the Update Version column. If you do not have enough disk space in your Local Update Repository to download a version update, the Repository Space Management dialog is displayed with the contents and disk space status of the repository (see Free Local Update Repository Disk Space for instructions on how to free disk space). You can delete a version or version that you do not need to free enough disk space to download the version you want. (See Troubleshooting 10.6 Pre-Update and Update Warnings, Conflicts, and Errors). Note: You can only update to the latest minor release or a patch.
2	Select the host, or hosts, that you want to update. The Security Analytics (SA) Server Host must be updated to the latest version in your deployment before you can apply that version to any other host. If you select multiple hosts for an update, Security Analytics updates the SA Server Host first. If you try to update one or more hosts other than the SA Server Host to the latest version in your deployment before the SA Server Host, Security Analytics will not allow you to do this. If a host is currently on a version that is not a valid update path, Security Analytics tells you to contact Customer Care for instructions on how to update the host to a valid path. Note: If you have conflicts updating any of the non-SA Server hosts, the SA Server Host remains grayed out until other host conflicts are resolved.
3	Click Update to start the update process.
4	Monitor monitor the progress of the update in the Status column. During the update process, Security Analytics: Downloads the update package for the selected version if that package does not exist in your Local Update Repository. If you select multiple hosts to update, displays In Queue for Update while it applies the version to each host. Displays Running Pre-Update Checks while it validates your current version configuration. Displays Update warning. View details if there is an issue in your existing configuration that does not prevent you from updating to the new version. Displays Update conflict. View details if there is a conflict in your existing configuration that blocks you from updating to the new version. See Troubleshooting 10.6 Pre-Update and Update Warnings, Conflicts, and Errors for instructions on how to resolve these configuration warnings and conflicts. Initiates the update if there are no conflicts. Applies each package for the selected update version. Monitors the update. If there is an error that blocks the update, Security Analytics displays Update error. View details. See Troubleshooting 10.6 Pre-Update and Update Warnings, Conflicts, and Errors for instructions on how to resolve these errors. Prompts you to Reboot Host after the host has been updated.
5	Click Reboot Host. When you are updating multiple hosts, after each host is updated and running, Security Analytics displays Up-to-Date. If the host is updated, but all the services are not restarted after reboot, Security Analytics displays the services in red. Services may take several minutes to come online. Contact Customer Care if the host does not come back online.

Deploying Multiple Versions

Security Analytics supports multiple versions in your deployment. The Security Analytics (SA) Server Host is updated first and all other hosts must have the same or earlier version as the SA Server Host.

Note: The Hosts view ensures that the SA Server Host is updated first and that all other hosts have the same or earlier version as the SA Server Host.

In the following example of a multiple version deployment.

Version updates currently available in your Local Update Repository are 10.6.1.0 and 10.5.1.4 for the Broker, LC/LD, and Log Decoder hosts.
The SA Server Host and all the other hosts are currently updated to 10.6.1.

This means that you have the option to update the Broker, LC/LD, and Log Decoder hosts to 10.6.1.0 or 10.5.1.4.

Maintaining Services

You use the Services view to add, edit, delete, monitor, and perform other maintenance tasks for the services in your deployment. See Service Procedures for detailed instructions on the tasks you perform from the Hosts view.

Previous Topic:Hosts and Services Getting Started Guide

Next Topic:Host Setup Procedures

You are here

Table of Contents > The Basics

Host GS: The Basics

Maintaining Hosts

Update Version Naming Convention

Updating a Host Version

Deploying Multiple Versions

Maintaining Services

Attachments

Outcomes

Related Content

Recommended Content

Incoming Links