The primary use for creating and subsequently deploying a resource package is for customers using an air gap network environment. In this case, you create a resource package on the network that is connected to the internet, and then deploy the resource package on a more secure network.
Create and Deploy Resource Package Use Case
The basic steps are as follows:
- Access NetWitness Platform Live Services using an instance that is connected to the internet.
- Create a Resource package as described below, adding whichever content items you need.
- Copy the ZIP archive of the packages to your secure NetWitness Platform instance, by using a thumb drive or other manual copying process.
- On the secure NetWitness Platform instance, deploy the resource package. For more information, see Resource Package Deployment Wizard.
Prerequisites to Create a Resource Package
A prerequisite for creating resource packages is configuration of the connection and synchronization between the CMS server and NetWitness Platform and the ability to search for resources in the User Interface.
Creating a Resource Package
The following procedure describes how to create a resource package, as a ZIP archive and save it to your local file system.
To create a resource package:
- Go to (Configure) > Live Content from the RSA NetWitness UI.
Select the resources that you want to package in the Matching Resources grid.
- Select some or all the resources that are listed in the Matches Resources pane.
- Select > Create.
NetWitness Platform creates a .zip archive that contains the selected resources and downloads it to your default download folder. NetWitness Platform gives the package a generic name. You should rename it when you save it so that it identifies the resources contained in the package.
Creating Threat Package
The following procedure describes how to create a resource package that contains all the content that is categorized as Threat. Then we rename it, using the type of content and date.
- Go to (Configure) > Live Content.
- From the Category section, select THREAT.
Select all items returned by clicking on the checkbox in the column header row of the Matching Resources pane.
A ZIP archive is saved to your Downloads folder. For example, resourceBundle8740753704980701969.zip.
- Rename the package to something meaningful. For example, in this case, you cold change the package name to threatResourceBundle_2018_01_31.zip (assuming today's date is January 31, 2018).
The resource package is now available for later deployment.
Deploying a Threat Package
This procedure assumes that you saved a package named threatResourceBundle_2018_01_31.zip, as described in the previous section. It describes how to deploy a saved resource package
- Go to (Configure) > Live Content.
- In the Matching Resources pane, select > Deploy.
Click Browse and navigate to the threatResourceBundle_2018_01_31.zip file that were created earlier.
The Resources page displays details for the resources in the package.
The Services page displays two tabs, Services and Groups, which provide a list of services and service groups that are configured in the (Admin) > Services view. The columns are a subset of the columns available in the Services view.
Select the services on which you want to deploy the content. You can select any combination of services and service groups.
The Review page is displayed.
- Click Deploy to complete the deployment process. Alternatively, you can choose Cancel or Previous to either cancel the deployment or go back to the previous screen.