Broker: Broker and Concentrator Configuration

Document created by RSA Information Design and Development on Sep 14, 2017. Last modified by RSA Information Design and Development on Mar 16, 2018.
Version 8

Brokers and Concentrators work in conjunction with Decoders and Log Decoders in the NetWitness Suite network. Unlike the two types of Decoders, which capture packets and logs, Concentrators and Brokers aggregate the data captured or aggregated by other services. Brokers aggregate data from configured Concentrators; Concentrators aggregate data from Decoders. A complete overview of the NetWitness Suite network is provided in the NetWitness Suite Getting Started Guide.

Note: Go to the Master Table of Contents for Version 11.0 to find NetWitness Suite 11.0 documents.

Setting up a Broker or Concentrator involves configuring the basic system parameters, the aggregate services, and the aggregation process between a Broker or Concentrator and the aggregate services.

Basic Configuration Checklist

The following checklist provides the sequence for tasks that are required to configure a Broker or Concentrator that has been added to NetWitness Suite in accordance with the Hosts and Services Guide.

Sequence | High-Level Task
-------- | ---------------
1 | Verify system configuration default values for the host and service are appropriate as described in Step 1. Verify Service System Configuration
2 | Configure parameters that govern the overall aggregation process as described in Step 2. Configure the Aggregation Process
3 | Configure aggregate services as described in Step 3. Configure Aggregate Services
4 | (Optional) Configure group aggregation as described in Step 4. (Optional) Configuring Group Aggregation
5 | Start and stop aggregation as described in Step 5. Start and Stop Aggregation