|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: SA Core Appliance
RSA Version/Condition: 10.4, 10.5, 10.6
O/S Version: 6
Product Name: Security Analytics Log Decoder and Packet Decoder
|Issue||RSA provides geoIP databases on all packet and log decoders. The geoIP data is used to enrich meta during the parsing phase of logs and packets. RSA does not provide regular updates to the geoIP databases. Customers can, however, obtain updated data from MaxMind (www.maxmind.com). A paid account with MaxMind is required to obtain geoIP updates. The RSA-supported format provided by MaxMind is DAT, which is referred to as Legacy.|
|Tasks||First, download the updated DAT files from MaxMind:|
GEO-106: GeoIP Legacy Country - Binary GZIP
GEO-111: GeoIP Legacy Organization - Binary GZIP
GEO-133: GeoIP Legacy City with DMA/Area Codes - Binary GZIP
GEO-173: GeoIP Legacy Domain Name - Binary GZIP
Use a utility such as WinSCP to copy the following DAT files to the decoder:
Once the new DAT files have been copied, the decoder service will have to be restarted.