ESA Config: Change Incident Management Storage Password

Document created by RSA Information Design and Development on Mar 23, 2017Last modified by RSA Information Design and Development on Apr 14, 2017
Version 3Show Document
  • View in full screen mode
  

This topic tells administrators how to change the default storage password for the Incident Management database.

In Security Analytics, this procedure is optional. However, it is always a best practice to change any default password for added security. In organizations that do not allow default passwords, this procedure is mandatory.

Prerequisites

You must have Administrator role privileges.

The default password for the MongoDB admin account must be changed.

Procedures

Change Password for Incident Management Database Account

  1. Log on to the host that runs the ESA service:
    1. SSH to the ESA host.
    2. Log on as root.
  2. Log on to the MongoDB as admin:
    mongo im -u admin -p {current_admin_password} --authenticationDatabase admin
  3. Type the following command to change the Incident Management account password. The default password is im.
    db.changeUserPassword(‘im’,’{new_password}’)

Change Password for Incident Management Service

  1. Log on to Security Analytics as admin.
  2. In the Security Analytics menu, select Administration > Services.
  3. Select the Incident Management service, then  > View > Explore.
  4. In the Explore view on the left, select Configuration > database.
  5. In the right panel, type the database account password in the Password field.

Note: The password for the database and for the Security Analytics service configuration must be the same.

  1. Restart the Incident Management service to accept the password change and force the session to start using the new password.
    1. Select Administration > Services.
    2. Select the Incident Management service, and click  > Restart.
  2. To validate the new passwords match, select Incidents > Alerts.
    If you see content in the Alerts tab, you changed the passwords successfully.
    If you do not see content in the Alerts tab, revise the service password to match the MongoDB password.
You are here
Table of Contents > Additional ESA Procedures > Change Default Storage Passwords > Change Incident Management Storage Password

Attachments

    Outcomes