After adding the endpoint for NetWitness Respond, the Certificate Authority truststore fails to set.
- Make sure that the SSH credentials for the NetWitness Platform host are valid.
- If the credentials are correct, but the error still occurs, manually copy certificates.
|Remediation Tasks being pushed to the operations queue through the UCF are not appearing in RSA Archer Cyber Incident & Breach Response as Findings. || |
- Open the Connection Manager using the command prompt:
Enter 2 to edit endpoint. Enter 3 to NetWitness Platform Respond. Make sure the Target Queue is set to All or Operations.
- Change directories to <install_dir>\SA IM integration service\data-collector.
- Type: runConnectionManager.bat
|In the <install_dir>\SA IM integration service\logs\collector.log, there are SSL errors between RSA NetWitness Platform and RSA Unified Collector Framework.|| |
- Verify that the SSL certificates are valid.
Note: NetWitness Respond certificates are valid for two years.
- If your certificates are expired, regenerate and copy the expired certificates.
To regenerate and copy the certificates:
- In the Command Prompt, go to <install_dir>\SA IM integration service\data-collector.
Enter the number for Regenerate NetWitness Platform RespondIntegration Service Certificate.
- In the NetWitness Platform Respond endpoint, in Connection Manager, enter the number for Edit Endpoint.
- Enter Yes to copy the certificates automatically to the NetWitness Platform trust store.
Note: If certificates fail to copy, manually copy the certificates.
|NetWitness Platform unable to forward incidents to UCF.|| |
- In the collector config (C:\PROGRAM FILES\RSA\SA IM INTEGRATION SERVICE\CONFIG\collector-config), change the following:
- Restart UCF. For more information on restarting UCF, see Start the RSA Unified Collector Framework.
- In the data collector (C:\PROGRAM FILES\RSA\SA IM INTEGRATION SERVICE\data-collector), double click on the following file to run it.