In the Cloud Gateway Analytic Stream Mappings panel (ADMIN > System > Cloud Gateway), you define the resources that RSA NetWitness Suite Cloud Behavioral Analytics (CBA) uses to automatically detect advanced threats.
You can configure the RSA Cloud Gateway to automatically upload Analytic Streams from one or more Concentrators to Cloud Behavioral Analytics (CBA). An Analytic Stream is a pipeline of selected traffic activity used for analytics processing. For example, Analytic Streams can include HTTP, FTP, SMB, or DNS traffic. By creating and deploying Analytic Stream mappings between Concentrator sources and Cloud Gateway services, data streams are automatically forwarded to the Cloud for analytics processing.
This workflow shows the process for creating and enabling a Cloud Gateway Analytic Stream mapping to start automatically detecting advanced threats.
Before you create a Cloud Gateway Analytic Stream mapping, ensure that the NetWitness Suite hosts and services that you want to use for your mappings are online and available. All of the services need to be in sync with a consistent time source. Ensure that the Concentrators are collecting the required data. Cloud Gateway services must be provisioned to enable Cloud Behavioral Analytics.
When you create a mapping, you select an Analytic Stream to map, such as HTTP. Then you select the data sources, such as Concentrators, to use for that Analytic Stream along with a Cloud Gateway service to process the data. When you are ready to start aggregating data, you deploy the mapping. (Future) Analysts can view detected threats for that Analytic Stream in the NetWitness Suite user interface (UI).
What do you want to do?
*You can complete these tasks here (that is, in the Cloud Gateway Analytic Stream Mappings panel).
- RSA Cloud Behavioral Analytics
- Cloud Gateway Config View Certificate Tab
- Update a Mapping
- Undeploy a Mapping
- Delete a Mapping
- Change the Lag Time
- Analytic Stream Settings
The following example illustrates a Cloud Gateway Analytic Stream mapping. The configuration defines the data sources for the selected Analytic Stream and the Cloud Gateway service that will process the events from those data sources.
| Callout | Description |
|---|---|
| 1 | Displays the Cloud Gateway Analytic Stream Mappings panel. |
| 2 | Shows the status of the mapping. |
| 3 | The name of the Analytic Stream that is mapped. |
| 4 | Data sources, such as Concentrators, assigned to the mapping. |
| 5 | Cloud Gateway service that processes the data for the mapping. |
| 6 | Lag Time configuration (in minutes) on the data sources for the mapping. |
| 7 | Actions for changing Analytic Stream settings, deploying mappings, and undeploying mappings. |
The following table describes the toolbar actions.
Cloud Gateway Analytic Stream Mappings
The following table describes the listed Cloud Gateway Analytic Stream mappings.