MA: Add Malware Analysis Host and Service

Document created by RSA Information Design and Development on Sep 15, 2017Last modified by RSA Information Design and Development on Sep 19, 2017
Version 2Show Document
  • View in full screen mode
  

You can add a Malware Analysis host and service to NetWitness Suite. Your NetWitness Suite environment determines how you add a host. Refer to the basic instructions for adding a host (Add or Update a Host) in the Host and Services Getting Started Guide. Use the procedure in this section only if you need to add a Malware Analysis host manually.

Note: To complete this step you must have the NetWitness Suite License Server setup as described in the Licensing Guide. 

  • For co-located Malware Analysis on the NetWitness Server, the NetWitness Server is already added as a host, and you need to add the Malware Analysis service on the server.
  • Only add Malware Analysis host if there is a physical or virtual Malware Analysis appliance (not co-located Malware Analysis service on the NetWitness Server).

Prerequisite

To add a host and service in NetWitness Suite, the operations setup must be complete and an instance of NetWitness Suite must be installed and running.

Procedure

To manually add a Malware Analysis host to NetWitness Suite:

  1. Log in to NetWitness Suite.
  2. In the main menu, select Administration > Hosts. The Administration > Hosts view is displayed.
  3. In the Hosts panel toolbar, click .
    The Add Host dialog is displayed.
  4. In the Name field, enter a name for the Malware Analysis host. In the Hostname field, enter the host name, the virtual IP address, or IP address on the Malware Analysis. Click Save.
  5. In the toolbar, select Services.
  6. In the Services panel toolbar, click and select Malware Analysis in the resulting drop-down list of available services.

    1. The Add Service dialog is displayed with the service type Malware Analysis
  7. Enter the following information:
    In the Name field, enter a name for the Malware Analysis service.
    In the Host field, enter the host name, the virtual IP address, or IP address on the Malware Analysis.
    In the Port field, enter 60007.
    (Optional) Under Options, select Entitle Service.
  8. Click Test Connection.
    While adding the service, NetWitness Suite sends ICMP packets to the service to verify if the hostname and ip address entered is valid for a successful test connection. The result of the test is displayed in the Add Service dialog. If the test is unsuccessful, edit the service information and retry.
  9. When the result is successful, click save. The Add Service dialog closes and the Malware Analysis service is available to NetWitness Suite.(Optional) Verify the status of the Malware Analysis service. In the Administration Services view, select the Malware Analysis service and select View > System. Below is a sample of the information available for a Malware Analysis service.
    1. If the service is not licensed, navigate to the Administration > System > Licensing panel, and select Refresh Licenses in the Licensing Actions menu.

You are here
Table of Contents > Malware Analyis Configuration > Step 2. Add Malware Analysis Host and Service

Attachments

    Outcomes