000035376 - How to change account passwords on the RSA NetWitness Event Stream Analysis appliance

Document created by RSA Customer Support Employee on Aug 19, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035376
Applies ToRSA Product Set: Security Analytics, NetWitness Logs & Packets
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform: CentOS
Platform (Other): MongoDB
O/S Version: EL6
ResolutionChange the DB Admin Account Password
The following steps will guide the user through the process for changing the DB Admin Account Password.
  1. Log on to the ESA Server via SSH as the root user.
  2. Log on to MongoDB as the admin user.
    mongo admin -u admin -p {current_password}

  3. Execute the command below to change the admin password.
    db.changeUserPassword(‘admin’,’{desired_password}’)

    User-added image

Change the ESA DB Account Password
The following steps will guide the user through the process for changing the ESA DB Account Password.
  1. Log on to the ESA Server via SSH as the root user.
  2. Log on to MongoDB as the admin user.
    mongo admin -u admin -p {current_password} --authenticationDatabase admin

  3. Execute the command below to change the ESA account password.
    db.changeUserPassword(‘esa’,’{desired_password}’)

    User-added image
     
  4. Change the ESA account password in the UI.
    1. Log in to the RSA Security Analytics UI as an admin user.
    2. Follow this path to access the Explore page for ESA:  Administration > Services > {ESA Server} > View > Explore
    3. Expand the tree in the left pane to access the proper location to change the ESA password: Event Stream Analysis > Alert > Storage > configuration
    4. Change the value for ConnectionPassword to the password created in Step 3.
        User-added image
         
    5. To validate the new password entered in the UI matches the password in the database, view the Summary page for Alerts: Alerts > Summary
If content is visible here as expected then the password change was successful.
NotesThe admin account has privileges over all databases and accounts. 

Attachments

    Outcomes