This topic tells administrators how to change default storage passwords for database accounts that store alerts in ESA, Incident Management and Data Science.
Security Analytics 10.5 uses MongoDB as the database to store alerts in the following modules:
- Incident Management
- Data Science
The database in each module has an account to control access and each Security Analytics service account has a default password.
To strengthen security, RSA recommends that you change default passwords. Some organizations do not allow default passwords. In those cases, the procedures in this topic would be required.
This topic explains how to change the default storage password for the database account in each module.
Previous ESA Storage Password
ESA was introduced in Security Analytics 10.3 when the database was in PostgreSQL. If you used ESA in version 10.3 and created a custom password for the PostgreSQL database, it has no impact on MongoDB. When you install or or upgrade to Security Analytics 10.5, MongoDB is installed with a default password.
Incident Management and Data Science were introduced in Security Analytics 10.4 so they have only used MongoDB.
MongoDB has a master admin account that has privileges over the database accounts for the ESA, IM and Data Science services.
ESA is a requirement for Incident Management and Data Science. The configuration for each module points to the host that runs the ESA service. Databases for ESA, Incident Management and Data Science are located on the host that runs the ESA service.
The following figure shows the privileges assigned to each account during the installation or upgrade process.
For details on changing each password, see: