Hosts GS: Services

Document created by RSA Information Design and Development on Nov 7, 2017. Last modified by RSA Information Design and Development on Jan 31, 2020.
Version 22
 

You set up and maintain the NetWitness Platform services in the Services view. In the Services view, you can:

  • Quickly search for and locate a specific service or type of service, such as Log Decoder or Warehouse Connector.
  • Use shortcuts to get to administration tasks.
  • Add, edit, and remove services.
  • Sort services by name and host.
  • Filter services by type, name, and host.
  • Start, stop, and restart services.

A service performs a unique function, such as collecting logs or archiving data. Each service runs on a dedicated port and is modeled as a plug-in that you enable or disable according to the function of the host. You must configure the following Core services first.

                                                                                                                                                                                                            
| Host | Services | Unencrypted Non-SSL Port | Encrypted SSL Port | Notes |
|---|---|---|---|---|
| Admin Server | Admin | N/A | N/A | Implemented with the NW Server |
| | Config | N/A | N/A | Implemented with the NW Server |
| | Content | N/A | N/A | Implemented with the NW Server |
| | Integration | N/A | N/A | Implemented with the NW Server |
| | Investigate | N/A | N/A | Implemented with the NW Server |
| | License | N/A | N/A | Implemented with the NW Server |
| | Orchestration | N/A | N/A | Implemented with the NW Server |
| | Reporting Engine | 51113 | N/A | |
| | Respond | N/A | N/A | Implemented with the NW Server |
| | Security | N/A | N/A | Implemented with the NW Server |
| Analyst UI | Broker | 50003 | 56003 | Implemented with the Analyst UI |
| | Investigate | N/A | N/A | Implemented with the Analyst UI |
| | Reporting Engine | 51113 | N/A | Implemented with the Analyst UI |
| | Respond | N/A | N/A | Implemented with the Analyst UI |
| Archiver | Archiver | 50008 | 56008 | Core Service |
| | Workbench | 50007 | 56007 | |
| Broker | Broker | 50003 | 56003 | Core Service |
| Cloud Gateway | Cloud Gateway | N/A | N/A | |
| Concentrator | Concentrator | 50005 | 56005 | Core Service |
| Endpoint Broker | Endpoint Broker | N/A | N/A | |
| Endpoint Log Hybrid | Log Collector | 50001 | 56001 | |
| | Log Decoder | 50002 | 56002 | |
| | Endpoint Server | N/A | N/A | |
| | Concentrator | 50005 | 56005 | |
| ESA Primary | Entity Behavior Analytics | N/A | N/A | |
| | Contexthub | N/A | N/A | |
| | ESA Correlation | N/A | 50030 | |
| ESA Secondary | Entity Behavior Analytics | N/A | N/A | |
| | ESA Correlation | N/A | N/A | |
| Health and Wellness Beta | Metrics | N/A | N/A | |
| Log Collector | Log Collector | 50001 | 56001 | |
| Log Decoder | Log Collector | 50001 | 56001 | |
| | Log Decoder | 50002 | 56002 | Core Service |
| Log Hybrid | Log Collector | 50001 | 56001 | |
| | Log Decoder | 50002 | 56002 | |
| | Concentrator | 50005 | 56005 | |
| Log Hybrid - Retention | Log Collector | 50001 | 56001 | |
| | Log Decoder | 50002 | 56002 | |
| Malware Analysis | Malware Analysis; Broker | N/A | 60007 | |
| Network Decoder | Network Decoder | 50004 | 56004 | Core Service |
| Network Hybrid | Concentrator; Network Decoder | 50005 | 56005 | |
| UEBA | UEBA | N/A | N/A | |
| Warehouse Connector | Warehouse Connector | 50020 | 56020 | Command line installation |

You must configure hosts and services to communicate with the network and each other so they can perform their functions, such as storing or capturing data.

Workflow

This workflow shows the procedures you complete to set up and maintain a service. Adding a service to a host is the first task in this workflow. The hosts with Core services are set up out-of-the-box. After that, you can set up additional services on hosts to enhance your NetWitness Platform deployment.

This is an example of a workflow for the Services view.

What do you want to do?

                            
| User Role | I want to... | Documentation |
|---|---|---|
| Administrator | set up a host. | Setting Up a Host |
| Administrator | maintain a host. | Maintaining Hosts |
| Administrator | maintain a service.* | Maintaining Services |

* You can perform these tasks in the current view.

Related Topics

See the following RSA NetWitness Platform guides for detailed information on individual services. Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.

Archiver Configuration Guide

Broker and Concentrator Configuration Guide

Cloud Behavioral Analytics Gateway Configuration Guide

Context Hub Configuration Guide

Decoder Configuration Guide

Endpoint Configuration Guide

Event Stream Analysis (ESA) Configuration Guide

Malware Analysis Configuration Guide

Log Collection Configuration Guide

Reporting Engine User Guide

NetWitness Respond Configuration Guide

RSA NetWitness UEBA User Guide

Workbench Configuration Guide

Warehouse Connector Configuration Guide

Quick Look

This is an example of the Services view.

                     
1 Groups Panel Toolbar - Provides options to work with service groups in the list.
2 Groups Panel - Lists all service groups currently in your deployment.
3 Services List Toolbar - Provides options to work with the Services list.
4 Services List - Lists all services currently in your deployment.

Groups Panel Toolbar

                           
| Feature | Description |
|---|---|
| The Add icon | Displays a new row in the Groups panel in which you enter the name of a new group. |
| The Delete icon | Asks for confirmation that you want to delete the group. You can confirm or cancel the deletion. |
| The Rename icon | Opens the field for renaming the selected preexisting group. You can also double-click the group name in the Groups panel to rename the group. Changes take effect immediately. |
| The Refresh icon | Refreshes the Groups panel to reflect the changes and goes back to the All group view. Changes take effect immediately. |

Groups Panel

The Groups panel provides a logical way to manage groups of services, such as by function, geography, or project. After you create a group, you can drag individual services from the Services panel into the group. A service may belong to more than one group.

             
| Column Title | Description |
|---|---|
| Name | The service groups are displayed in the Groups panel. The number next to each group name displays the number of hosts that were added to the group. |

 

Services List Toolbar

This topic introduces the options in the Services list toolbar to add, remove, edit, and get a license for services. You can also filter the services listed in the Services list.

To access the Admin Services view, in NetWitness Platform, go to ADMIN > Services. The Services list toolbar is at the top of the Services list in the Services view.

                           
| Feature | Description |
|---|---|
| The Add icon | Adds a service for your deployment of NetWitness Platform to manage. See Step 2. Install a Service on a Host. |
| The delete icon | Deletes a service from your deployment of NetWitness Platform. See Edit or Delete a Service. |
| The edit icon | Edits service identification and basic communication settings. |
| The Filter field | Filters the services listed in Services view. In the Filter drop-down list, you can filter the services by one or more selected service types. In the Filter field, you can filter the services by Name and Host. You can use the Filter drop-down list and the Filter field at the same time to filter the services listed in the Services view. |

Services List

                                         
| Column | Description |
|---|---|
| The Checkbox icon | Select the service by clicking the corresponding checkbox in this column. To select all of the services, select the checkbox in the header. |
| Online/Offline Indicator | Displays a green dot if the service is online. Displays a red dot if the service is offline. |
| Name | Displays the name of the service that was given when the service was installed. This column is organized in alphabetical order by default. Click the Name column title to view in reverse alphabetical order. |
| Licensed | Displays a green check if the service is licensed. Displays a red dot if the service is not licensed. If one or more services are not licensed, a red banner will appear at the top of the screen that will prompt you to fix this. [Image: The banner that appears when a service is not licensed] |
| Host | Displays the host name that the service belongs to. |
| Type | Displays the service type. |
| Version | Displays the version that the service is currently on. |
| Actions | Use drop-down list to: |
