MA: Add Malware Analysis Host and Service

Document created by RSA Information Design and Development on Jun 25, 2017
Version 1Show Document
  • View in full screen mode
  

This topic provides instructions for adding a Malware Analysis host and service to Security Analytics. Your Security Analytics environment determines how you add a host. Refer to the basic instructions for adding a host (Add or Update a Host) in the Host and Services Getting Started Guide. Use the procedure in this section only if you need to add a Malware Analysis host manually.

  • For co-located Malware Analysis on the Security Analytics Server, the Security Analytics Server is already added as a host, and you need to add the Malware Analysis service on the server.
  • Only add Malware Analysis host if there is a physical or virtual Malware Analysis appliance (not co-located Malware Analysis service on the Security Analytics Server).

Prerequisite

To add a host and service in Security Analytics, the operations setup must be complete and an instance of Security Analytics must be installed and running.

Procedure

To manually add a Malware Analysis host to Security Analytics:

  1. Log on to Security Analytics.
  2. In the Security Analytics menu, select Administration > Hosts.
    The Administration > Hosts view is displayed.
  3. In the Hosts panel toolbar, click .
    The Add Host dialog is displayed.
  4. In the Name field, enter a name for the Malware Analysis host. In the Hostname field, enter the host name, the virtual IP address, or IP address on the Malware Analysis. Click Save.
  5. In the Security Analytics toolbar, select Services.
  6. In the Services panel toolbar, click  and Malware Analysis in the resulting drop-down list of available services.
    The Add Service dialog is displayed with the service type Malware Analysis.
  7. Enter the following information:
    In the Name field, enter a name for the Malware Analysis service.
    In the Host field, enter the host name, the virtual IP address, or IP address on the Malware Analysis.
    In the Port field, enter 60007.
    (Optional) Under Options, select Automatically Entitle Service.
  8. Click Test Connection.
    While adding the service, Security Analytics sends ICMP packets to the service to verify if the hostname and ip address entered is valid for a successful test connection. The result of the test is displayed in the Add Service dialog. If the test is unsuccessful, edit the service information and retry.
  9. When the result is successful, click Save.
    The Add Service dialog closes and the Malware Analysis service is available to Security Analytics.
  10. (Optional) Verify the status of the Malware Analysis service. In the Administration Services view, select the Malware Analysis service and select  > View > System. Below is a sample of the information available for a Malware Analysis service.
  11. If the service is not licensed, navigate to the Administration > System > Licensing panel, and select Refresh Licenses in the Licensing Actions menu.
You are here
Table of Contents > Basic Setup > Add Malware Analysis Host and Service

Attachments

    Outcomes