Analysts can generate reports and perform advance analytics on RSA Warehouse Data. You must ensure that RSA Warehouse is up and running and Warehouse Connector is configured in NetWitness Suite.
Warehouse Analytics reports can be generated by configuring the Reporting Engine to fetch data from the Warehouse. The Warehouse Analytics Models are imported from Live and jobs are defined using these models and scheduled for to be generated at predefined time intervals. You can schedule the jobs so that reports are generated automatically at predefined time interval. Analysts can use these reports to view and investigate further on suspicious information. For more information, see Warehouse Analytics View.
This workflow is overview of the entire procedure.
To configure reports using Warehouse Analytics models, perform the following steps:
- Configure Reporting Engine to Access Warehouse Data
- Add Warehouse as a data source.
- Configure Reports for Warehouse Analytics
- Deploy Warehouse Models from Live.
Create jobs and run scheduled jobs.
- Analyze Warehouse Analytics Reports
- View and analyze Suspicious Domains reports.
- View and analyze Suspicious DNS Activity reports.
- View and analyze Host Profile reports.
- Investigation from Warehouse Analytics Reports
- Manage Reports for Warehouse Analytics
- Edit Warehouse Analytics jobs.
- Delete Warehouse Analytics jobs.
- Enable or disable scheduled Jobs.
- Refresh Jobs List.
Set access control for Warehouse Analytics jobs.
Test scheduled jobs.
- Optional Step: (Optional) Adding Roles and Assigning Permissions for the Roles