This section provides resolutions to common problems that you may encounter while configuring RSA Archer® Cyber Incident & Breach Response 220.127.116.11 with NetWitness Respond.
|Unable to add NetWitness Endpoint successfully to UCF.||Login to the NetWitness server console and check the truststore.pem file under /etc/rabbitmq/ssl/truststore.pem and verify if the certificates (rootcastore.crt.pem and keystore.crt.pem) are updated correctly. If the certificates are not updated, manually copy the contents of both the certificates to the truststore.pem file. After updating, restart the rabbitmq service.|
After adding the endpoint for NetWitness Respond, the Certificate Authority truststore fails to set.
|Remediation Tasks being pushed to the operations queue through the UCF are not appearing in RSA Archer® Cyber Incident & Breach Response as Findings.|
|In the <install_dir>\SA IM integration service\logs\collector.log, there are SSL errors between RSA NetWitness Platform and RSA Unified Collector Framework.|
To regenerate and copy the certificates:
|When ESA alerts with severity High or Low are forwarded to RSA Archer, the Security Alert Priority field is not populated in the RSA Archer UI.||None, as it functions as designed.|
|When ESA Command and Control Aggregate Scores details are forwarded from NetWitness Suite to RSA Archer UI, fields such as Beaconing Behavior, Rare Domains, Rare User Agents, Missing Referrers, and Suspicious Domains Aggregate Score do not get populated.||None, as it functions as designed.|
|RSA Archer recurring feeds does not work in SSL mode.||Make sure you create the RSA Archer recurring feeds in non-SSL mode.|
Table of Contents > Troubleshoot RSA Archer Integration