Context Hub: Configure Archer as a Data Source

Document created by RSA Information Design and Development on Sep 15, 2017Last modified by RSA Information Design and Development on Oct 4, 2017
Version 6Show Document
  • View in full screen mode
  

You can configure Archer as a data source for Context Hub and use the Context Hub service to fetch contextual information from Archer.  Use the procedures in this topic to add Archer as a data source for Context Hub service and configure the settings (if required) for Archer. 

Prerequisites

Before you configure Archer data source, ensure that:

  • Context Hub service is available in ADMIN>Services view of NetWitness Suite.
  • Archer is installed with Licensed Devices application.

 

To add Archer as a data source for Context Hub:

  1. Go to ADMINServices.
    The Services view is displayed.
  2. Select the Context Hub service, and click  > View > Config
    The Services Config view is displayed.
  3. In the Data Sources tab, click Archer
    The Add Data Source dialog is displayed.
    Add Archer as a data source
  4. Provide the following information:

    • By default, the Enable checkbox is selected. If this option is unchecked, the save button is disabled, you cannot add the data source, and cannot view the contextual information.
    • Enter the following fields:
      • Name: Enter a name for Archer data source.
      • Host: Enter the hostname or IP address where Archer server is installed.
      • SSL: By default this option is selected and enables SSL communication to Archer .
      • Trust All Certificates: Select this checkbox to add the data source without validating the certificate. If you uncheck this option, you need to upload a valid Endpoint server certificate for the connection to be successful.
      • Port: The default port is 443.
      • Username: Enter the Archer Server username.
      • Password: Enter the Archer Server password.
      • Instance: Enter the Instance name from which you want to extract data. An RSA Archer instance is a single set up that includes unique content in a database, the connection to the database, the interface, and log-in. You might have individual instances for each office location or region or for development, test, and production environments. The Instance Database stores the RSA Archer content for a specific instance.
      • Context Base: Enter the virtual directory name where the files are stored. For example, rsaarcher located at the RSA Archer web address https://archer.company.com/rsaarcher/default.aspx. If the files are stored in the IIS default web address https://archer.company.com/default.aspx, then this field must be empty.
      • Max. Concurrent Queries: You can configure the maximum number of concurrent queries defined by the Context Hub service to be run against the configured data sources. The default value is 10.
  5. Click Test Connection to test the connection between Context Hub and the Archer data source.
  6. Click Save.
    Archer is added as a data source for Context Hub and is displayed in the Data Sources tab.
    Added Archer as a Data Source
 

After adding the data source, you can configure data source settings. For instructions, see Configure Context Hub Data Source Settings . And View the contextual data in the Context Summary Panel of the Respond view or Investigate view. For instructions, see the Netwitness Respond User Guide and Investigation and Malware Analysis User Guide

You are here
Table of Contents > Configure Data Sources for Context Hub > Configure Archer as a Data Source

Attachments

    Outcomes