|Applies To||RSA Product Set: All RSA Products|
Platform: RSA Link (community.rsa.com)
|Issue||I want to know where I can find knowledge base articles on RSA Link that relate to specific security vulnerabilities so that I can know how my RSA products are impacted and what steps must be taken to mitigate the risk.|
|Resolution||Information relating to security vulnerabilities is provided by RSA via security advisories and knowledge base articles. Security advisories are notifications that are published on RSA Link and distributed to all customers and partners with active maintenance contracts for the affected product(s) via email. |
Knowledge base articles, on the other hand, are only published on RSA Link and only those that subscribe to (i.e. "follow") the knowledge base for the product will receive email notifications. These articles are updated regularly--often multiple times per day when vulnerabilities are first discovered--to provide a real-time status on the impact to RSA products.
Vulnerabilities that have no impact on an RSA product (such as false positives) are published in the regular product knowledge base areas which are publicly accessible without the need to log in to RSA Link. (For example, the article entitled RSA Security Analytics 10.6.2 OpenSSL vulnerabilities - False Positive is published within the RSA NetWitness Logs & Packets Knowledge Base space.)
Articles addressing vulnerabilities that do impact RSA products and require mitigation (or which are still under investigation) are accessible only by customers and partners with active maintenance contracts for the affected product, for obvious security reasons. Therefore, these articles reside on the restricted RSA Security Advisories (All Products) page. However, the most recent articles that meet this criteria can still be found on both the Knowledge Base and Security Advisories pages for each product under the Recent Advisory Articles section, as shown in the screenshots below.
The image above shows the Recent Advisory Articles section on the RSA NetWitness Logs & Packets Knowledge Base page.
The image above shows the Recent Advisory Articles section on the RSA SecurID Access Security Advisories page.
The recent advisory articles can also be found on the RSA Link Knowledge Base page, which can be accessed by clicking on the Support option in the website main menu and then by clicking on the Knowledge Base option on the page menu, as shown below.
If you wish to be notified via email whenever one of these advisory articles are published then it is recommended that you subscribe to (i.e. "follow") the RSA Security Advisories (All Products) page and select the "Inbox" option.
|Notes||Because the advisory articles (also known as "Security KB" articles) are restricted to customers and partners with active maintenance contracts, when viewing a knowledge base page while not logged in a message will be displayed in place of the articles instructing the user to log in, as shown in the screenshot below.|