Sys Maintenance: Populate Local Update Repository

Document created by RSA Information Design and Development Employee on Mar 22, 2017Last modified by RSA Information Design and Development Employee on Aug 1, 2017
Version 8Show Document
  • View in full screen mode

The Local Update Repository is the staging area in your Security Analytics deployment from which you apply version updates to your hosts. The Live Update Repository is the location to which RSA posts the latest Security Analyticsversion updates. This topic describes the following two options of populating the Local Update Repository in your Security Analytics deployment from the Live Update Repository:

  • Option 1 - Connect to the Live Update Repository.
    This connects your Security Analytics Local Update Repository to the RSA Live Update Repository through the Internet using your LIVE account.
  • Option 2 - Download version updates from RSA Link (
    If you do not allow your Security Analytics deployment to connect to the Internet, you must download the update packages from RSA Link to a local directory and then upload them to your Security Analytics Local Update Repository.

Option 1 - Connect to Live Update Repository

Access to the Live Update Repository requires and uses the Live Account credentials configured under Administration > System > Live.

Note: When you make the initial connection with the Live Update Repository, you will be accessing all the CentOS 6 system packages and the RSA Production packages. This download of over 2.5GB of data will take an indeterminate amount of time depending on your Security Analytics Server’s Internet connection and the traffic of the RSA Repository. It is NOT mandatory to use the Live Update Repository.

To connect to the Live Update Repository:

Note: If you need to use a proxy to reach out to the Live Update Repository, you can configure the Proxy Host, Proxy Username, and Proxy Password. Refer to Configure Proxy for Security Analytics in the Security AnalyticsSystem Configuration Guide in the help on RSA Link (

  1. Navigate to the Administration > System view, select Live Services in the options panel and ensure that credentials are configured. If they are not configured, do so now, click Test Connection, and click Apply.
    Make sure that Test Connection is successful because this account is used to access the Live Update Repository.
  2. Select the Updates > Settings tab.
  3. Select the Enable check box and click Apply.
  4. Use the Test Connection button to check for connectivity. Make sure that this is successful. An RSASoftware.repo file is automatically created in the Security Analytics Server Host /etc/yum.repos.d/ directory, which is used by your Local Update Repository to communicate with the Live Update Repository.
    After it is enabled, the Local Update Repository will synchronize and download all available packages from the Live Update Repository on the next scheduled event. You can also force a synchronize job from the Updates Repository tab using the Synchronize Now option. After you update both of the Update Repositories (Live and Local), you can see all downloaded RPM packages in the Updates Repository tab of the Administration > Updates panel.
  5. In the Security Analytics menu, select Administration > System.
    The Info view is displayed.
  6. In the left panel, select Updates.
  7. In the Updates Repository tab, click . A message similar to the following is displayed.

    The Updates Repository tab is displayed with the updates you retrieved by synchronizing.

Option 2 - Download Version Updates from RSA Link

You would need to populate Security Analytics update repository from RSA Link ( for the following reasons:

  • If the version updates that you want are not in your Local Update Repository (that is, they are not listed in the Updates Available list for a host in the Updates column in the Hosts view).
  • If your Security Analytics deployment does not have Internet access.

Warning: After you update a host from the Local Update Repository, you may not be able to access earlier versions to update other hosts. This is determined by the amount of available space in your Local Update Repository and the size of the update packages. For example, if you updated the Security Analytics Server Host to and then to, may have been removed and will not be available to update other hosts. If you needed to update another system to (before updating to, you would need to download from RSA Link and manually update the Local Update Repository again.

To populate your Local Update Repository from RSA Link:

  1. Download the zip files for the release you are installing from RSA Link ( to a local directory.
  2. In the Security Analytics menu, select Administration > System.
  3. In the left panel, select Updates.
  4. In the Settings tab, make sure the Enable checkbox is not selected.
  1. In the Manual Updates tab, click Upload Files.
    The Upload File dialog is displayed.
  2. Click and browse to the local directory where you put the zip files and select the files.

The Update RPMs display in the Manual Updates tab.

The upload status is displayed in the lower left corner. When the upload is complete, Security Analytics server unzips all the RPM packages and displays them in the Manual Updates tab.

  1. Select all files in the Manual Updates list and click Apply.
    This moves the RPM files into the Local Update Repository on the Security Analytics Server and makes them available to hosts.
  2. If you applied the Defense Information System Agency (DISA) Security Technical Implementation Guide (STIG) hardening RPM in Security Analytics, you must perform the following tasks on all components, including the Security Analytics server, to migrate it to

    Note: These steps apply only to STIG. Do not perform these steps for any non-STIG system, including FIPS.

    1. SSH to the host.

    2. yum update glibc

    3. reboot

You are here
Table of Contents > Manage Security Analytics Updates > Populate Local Update Repository