Context Hub: Configure Context Hub Data Source Settings

Document created by RSA Information Design and Development on Sep 15, 2017. Last modified by RSA Information Design and Development on Oct 4, 2017.
Version 5

After you have configured the required data sources, you can customize the settings for the data sources based on your requirements.

To access and configure settings:

  1. Go to ADMIN > Services.
    The services view is displayed.
  2. In the Services panel, select the Context Hub service and click > View > Config.
    The Services Config view of Context Hub is displayed.
  3. Select the data source for which you want to configure the settings and click in the Actions column.
    The following screenshot is an example of the NetWitness Endpoint settings dialog:
    [Screenshot: Data source settings configuration]
  4. Configure the following fields:

    Enable
    This option is enabled by default (checked). Use it to enable or disable the response from the selected data source.

    Cache Settings
    Any lookup from Context Hub can be stored in the Context Hub cache for a configured time. The response to any subsequent matching request is fetched from the Context Hub cache.
    Use this section to define the following cache settings for query lookup:

    • Cache Enabled: By default, this checkbox is selected and the query response is cached.
    • Cache Expiration (Minutes): The maximum time the query lookup is retained in the cache. The default is 30 minutes, and the maximum you can configure is 7200 minutes.

    List Value Expiration

    • Enable: Select Enable to define the number of days the list values must be available. By default, this option is disabled and the values are retained.
    • Time to Live (Days): Enter the number of days you want the list values to be retained.

    Meta Mapping
    Any list stored in Context Hub should be made available for a lookup. The lookup in Context Hub is performed based on meta type or entities, for example IP, HOST, MAC ADDRESS, DOMAIN, FILE_NAME, FILE_HASH, USER.

    • Meta Type: Entities available in Context Hub.
    • Context Hub Fields: Column headers from the CSV file you added when adding the List data source.

    Minimum IIOC Score
    The minimum IIOC score to be considered for fetching contextual information of NetWitness Endpoint modules.

    Query Last (Days)
    The duration (in days) for which the context data must be queried.

    Limit
    The maximum number of records to be displayed when a Context Lookup is performed.

    Recur Every
    Configure a recurring schedule to fetch and store contextual data at the required intervals.

  5. Click any one of the following options:

    • Cancel - select this option to cancel the changes.
    • Save - select this option to save the changes.
    • Save and Close - select this option to save and close the dialog.

Based on the data source you select, the Response Groups differ. The following table describes the response groups for every data source.

                                           
Data Source (Connection): List
Response Supported Groups: List
Field Settings:
  • Meta Mapping: Meta Type, Context Hub Fields
  • Settings: Data Prefetch Settings, Schedule Recurrence, List Value Expiration
  • Cache Settings: Cache Enabled, Cache Expiration (Minutes) [Min is 30 minutes, Max is 7200 minutes]

Data Source (Connection): RSA Archer
Response Supported Groups: Archer
Field Settings:
  • Cache Settings: Cache Enabled, Cache Expiration (Minutes)

Data Source (Connection): Active Directory
Response Supported Groups: Users
Field Settings:
  • Meta Mapping: Meta Type, Context Hub Fields
  • Settings: Data Prefetch Settings, Schedule Recurrence, List Value Expiration
  • Cache Settings: Cache Enabled, Cache Expiration (Minutes) [Min is 30 minutes, Max is 7200 minutes]

Data Source (Connection): RSA Endpoint
Response Supported Groups: IOC, Machines, Modules
Field Settings (IOC):
  • Cache Settings: Cache Enabled, Cache Expiration (Minutes)
  • Settings: Context Panel Settings
Field Settings (Machines):
  • Cache Settings: Cache Enabled, Cache Expiration (Minutes)
  • Settings: Context Panel Settings
Field Settings (Modules):
  • Cache Settings: Cache Enabled, Cache Expiration (Minutes)
  • Settings: Minimum IIOC Score, Context Panel Settings

Data Source (Connection): Respond
Response Supported Groups: Alerts, Incidents
Field Settings:
  • Context Panel Settings
  • Data Prefetch Settings
  • Query Last (Days)
  • Cache Settings: Cache Enabled, Cache Expiration (Minutes)

Data Source (Connection): Live Connect
Response Supported Groups: Domain, File, IP
Field Settings:
  • Cache Settings: Cache Enabled, Cache Expiration (Minutes)
  • Settings: Context Panel Settings

Note: After you configure the data source settings, you can configure the Context Hub configuration parameters by navigating to ADMIN > Services > View > Explore view. Make sure you restart the Context Hub service if you make any configuration changes in the Explore view.
