This topic provides instructions for an Administrator to enable community analysis. For Community analysis, new malware detected on the network is pushed to the RSA Cloud for checking against RSA's own malware analysis data and feeds from the SANS Internet Storm Center, SRI International, the Department of the Treasury and VeriSign. To enable Community analysis, you must register with the RSA cloud and test connection to the cloud, then to test the connection between the RSA cloud and the service you have configured for continuous scanning.
A complete description of analysis methods is provided in How Malware Analysis Works.
- In the Security Analytics menu, select Administration > Services.
- Select a Malware Analysis service, and in the row select > View > Config.
- In the Service Config View, select the Integration tab.
- Scroll down to the Continuous Scan Connection Test, and click RSA Cloud Connection Test and Registration.
Security Analytics tests communications with the site at https://cloud.netwitness.com. If your company uses a proxy for outbound traffic, please check your Proxy settings. A valid connection is required in order to register with the RSA Community Service.
- Enter your company name and contact email. Click Register.
If all required fields are complete, your registration is completed. The label on the button used to register changes to Update.
- To verify that the Malware Analysis Service can connect to the Core service selected for continuous scanning, click Continuous Scan Connection Test.
Security Analytics initiates a check based on the Source Host, Source Port, Username, and User Password specified in the General tab.
When the test executes successfully, analysts are able to see Community Scoring in Malware Analysis.