Licensing: Configure Security Analytics Notifications

Document created by RSA Information Design and Development on Sep 13, 2017Last modified by RSA Information Design and Development on Apr 19, 2019
Version 19Show Document
  • View in full screen mode
 

If you have multiple NetWitness servers deployed in your environment, and require license support, you must configure multiple Mac addresses.

To configure online:

  1. Log in to the NetWitness Server console.
  2. Navigate to /opt/netwitness/flexnetls.
  3. Edit the local-configuration.yaml file and add the mac address of the back up or secondary host.
    For example, backup-hostid: 685B3596A5F3 or backup-hostid: "685B3596A5F3:785B3596A5F3".
  4. Restart systemctl restart flexnetls-RSALM.
  5. Obtain the instance details from wget http://localhost:3333/api/1.0/instances and set the "failOverRole" to MAIN to verify the failover.
    For example, "failOverRole" : "MAIN".

To configure offline: 

  1. Perform the step 1 to step 6 from the online procedure .
  2. Download the capability request from NetWitness Platform UI.
  3. Upload the request to FNO (myRSA).
  4. Upload the response from FNO (myRSA) to the NetWitness Platform UI.

Configure License Notifications

This topic provides instructions for configuring notification settings for the Local License Server (LLS). If you wish to receive alerts about the approaching license expiration date, you can configure NetWitness Platform to send notifications. You can receive notification by email, syslog and SNMP. You can also view the notification during system log on and in the Notification Tray.  You can also specify the number of days before expiration as a threshold for notification. 

To configure the notification:

  1. Log on to NetWitness Platform,
  2. Go to ADMIN > System.
  3. Select Licensing.
  4. Select the Settings tab.

    Licensing Notifications are available in the Settings tab.

  5. Select each of the methods for NetWitness Platform to use when sending a notification about the license status.

    1. To receive a notification at log on, select Login and specify the number of days before the license expires that you want to receive notification in the Login Window Threshold field.
    2. To receive a notification in the Notifications tray, select Notification Tray and specify the number of days before the license expires that you want to receive notification in the Notification Tray Threshold field.
    3. To receive an Email notification to a configured distribution list, select Email and select Configure email or distribution list. The Email panel is displayed in a separate tab, and you can configure notifications in the Email Server Settings section. Refer to the System Configuration Guide for further details.
    4. To receive syslog notifications, select Syslog and click Configure Syslog and SNMP Trap servers. The System Auditing panel opens in another tab and you can configure the system settings.
    5. To receive notifications through SNMP Trap, select SNMP Trap and select Configure Syslog and SNMP Trap servers. The System Auditing panel opens in another tab and you can configure the SNMP auditing settings.
  6. Click Apply Notifications.
    The settings are saved and go into effect immediately.

Previous Topic:License Types
You are here
Table of Contents > Configure NetWitness Notifications

Attachments

    Outcomes