Hosts GS: Services

Document created by RSA Information Design and Development on Nov 7, 2017Last modified by RSA Information Design and Development on May 21, 2019
Version 15Show Document
  • View in full screen mode

You set up and maintain the NetWitness Platform services run in the Services view. With the Services view, you can:

  • Quickly search for and locate a specific service or type of service, such as Log Decoder or Warehouse Connector
  • Use shortcuts to get to administration tasks
  • Add, edit, and remove services
  • Sort services by name and host
  • Filter services by type and by name and host
  • Start, stop, and restart services

A service performs a unique function, such as collecting logs or archiving data. Each service runs on a dedicated port and is modeled as a plug-in to enable or disable, according to the function of the host. You must configure the following Core services first.

Non-SSL Port
SSL Port


Admin Server



Implemented with the NW Server





5000356003Core Service

Cloud Gateway

Cloud GatewayN/AN/A



Concentrator, Endpoint Log Hybrid

5000556005Core Service
Config Admin ServerN/AN/AImplemented with the NW Server.


Admin Server



Implemented with the NW Server

ContexthubESA PrimaryN/AN/A


Decoder (Packets)

Network Decoder and Network Hybrid

5000456004Core Service


Endpoint Log Hybrid




Endpoint Broker

Endpoint Broker and Broker




Entity Behavior Analytics

ESA Primary, ESA Secondary

ESA CorrelationESA Primary, ESA Secondary N/A50030 


Admin Server

N/AN/AImplemented with the NW Server.
InvestigateAdmin ServerN/AN/AImplemented with the NW Server.
Log Collector

Log Decoder, Log Hybrid, and Endpoint Log Hybrid

Log DecoderLog Decoder, Log Hybrid, and Endpoint Log Hybrid5000256002

Core Service

Malware Analysis

Malware Analysis and Broker

N/A60007ESA Service. On a Standalone host or co-located on host with ESA Primary.
OrchestrationAdmin ServerN/AN/AImplemented with the NW Server.
Reporting Engine

Admin Server

N/A51113Implemented with the NW Server.


Admin ServerN/AN/AImplemented with the NW Server.


Admin ServerN/AN/AImplemented with the NW Server.


Admin Server



Implemented with the NW Server






Warehouse Connector

Warehouse Connector


Command line installation


You must configure hosts and services to communicate with the network and each other so they can perform their functions such as storing or capturing data. 


This workflow shows the procedures you complete to set up and maintain a service. Adding a service to a host is the first task in this workflow. The hosts with core services are set up out-of-the-box. After that, you can set up additional services on hosts to enhance your NetWitness Platform deployment.

This is an example of a workflow for the Services view.

What do you want to do?

See Hosts and Services Procedures for detailed instructions of the following tasks.

RoleI want to ...
AdministratorMaintain a service.
Administrator Set up a host.

Related Topic

Quick Look

The following example shows you how to maintain a service.

Select a Service.


Go to ADMIN > Services view.


Click the checkbox to the left of the service you want to select.

Edit the Service Name and Connection.

 3  Click The edit icon (Alternatively, select Edit from the (Action drop-down menu).
 4  Edit the Host name.
 5  Edit the Port number.
 6  Deselect or select SSL communication connection.
 7  Click Test Connection .
8 Click Save.

Delete a Service.

 9  Select a Service and click the delete icon.

View Service Statistics and Configure Parameters

 10  Perform the following steps to view service statistics and configure a service parameters.
  1. Select a Service and click the actions icon.
  2. Click View and select:
    • System to:
      • View current high-level information about the service and its host.
      • Access the System View toolbar.
    • Stats to view detailed service statistics.
    • Config to view and configure service parameters.
    • Explore to view and configure service parameters in the NetWitness Platform Explore view.
    • Logs to view log messages issued by the service.
 11  Select a Service, click the actions icon, and click Stop a service that is running.
 12  Select a Service, click the actions icon, and click Restart to restart a stopped service.


See the following RSA NetWitness Platform guides for detailed information on individual services. Go to the Master Table of Contents to find all NetWitness Platform Logs & Network 11.x documents.

Archiver Configuration Guide

Broker and Concentrator Configuration Guide

Cloud Behavioral Analytics Gateway Configuration Guide

Context Hub Configuration Guide

Decoder and Log Decoder Configuration Guide

Endpoint Insights Configuration Guide

Event Stream Analysis (ESA) Configuration Guide

Investigate and Malware Analysis User Guide

Log Collection Configuration Guide

Malware Analysis Configuration Guide

Reporting Engine User Guide

Respond Configuration Guide

RSA NetWitness UEBA User Guide

Workbench Configuration Guide

Warehouse Connector Configuration Guide




Previous Topic:Groups Panel Toolbar
You are here
Table of Contents > References > Services View