How to determine if MQBridge is configured and working in RSA Web Threat Detection 5.1
RSA Product Set: Web Threat Detection
RSA Product/Service Type: Forensics
RSA Version/Condition: 5.1
Platform: Linux
O/S Version: Red Hat Enterprise Linux 5.x
Product Description: RSA WTD F&M SW On Prem Lic
A customer may have some questions on MqBridge:
1. What is the basic function of MQBridge?
2. How can we determine if on a given server it is configured?
3. Is MQBridge actually being used?
4. Is MqBridge working correctly or performing efficiently?
1. What is the basic function of MQBridge?
WTD allows data to be extracted from Plexes by connecting an MQBridge to a Plex (BackPlex by default). Connecting it to RabbitMQ allows the data to be pulled from the MQBridge in an easy format, while also letting many clients pull the data and providing useful capabilities such as users and resource management (number of threads, pull size, number of listeners, multi-tenancy and more).
2. How can we determine if on a given server it is configured?
A. Go to Configuration Manager, find the MqBridge section, and edit it.
B. Look at the mqServerHost setting; on a configured server this will usually not be the default (localhost).
C. mqCredentials must be completed for a connection to an MQ exchange, which is named in exchangeName (default value: default-exchange).
3. Is MQBridge actually being used?
A. The customer needs to work with their system administrators to determine whether any processes in place are using the RabbitMQ server.
B. Varz Grapher can show whether the service is on and whether messages are coming in and going out. (Dropped messages may mean that no process is picking up messages on the RabbitMQ side, so it may not be configured or there may be an issue.)
Note: RSA Customer Support does not support RabbitMQ in any way; however, for a basic understanding go to https://www.rabbitmq.com/getstarted.html.
4. Is MqBridge working correctly or performing efficiently?
Varz Grapher, plus information on how RabbitMQ is used as part of a process in the customer's business, can help determine this. Look for:
size of messages queued,
input (from a Plex),
number of messages coming in versus leaving,
the results on the system that is subscribing to the MQBridge.
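
On the RabbitMQ side, which the customer's system administrators own, the same checks (messages queued, input, messages in versus out, missing subscribers) can be run against queue statistics. The following is an added example, not RSA or WTD code: it assumes the RabbitMQ management plugin is enabled and that its /api/queues JSON has been fetched; the queue names, sample numbers and thresholds are constructed for illustration.

```python
import json

# Constructed sample of a RabbitMQ management API /api/queues response.
# Queue names and numbers are made up for illustration.
SAMPLE = json.loads("""[
 {"name": "wtd-events", "messages": 120, "consumers": 2,
  "message_stats": {"publish_details": {"rate": 850.0},
                    "deliver_get_details": {"rate": 845.0}}},
 {"name": "wtd-orphan", "messages": 50000, "consumers": 0,
  "message_stats": {"publish_details": {"rate": 900.0}}},
 {"name": "wtd-slow", "messages": 250000, "consumers": 1,
  "message_stats": {"publish_details": {"rate": 900.0},
                    "deliver_get_details": {"rate": 300.0}}},
 {"name": "wtd-idle", "messages": 0, "consumers": 1}
]""")

def _rate(queue, key):
    """Return a rate from message_stats, or 0.0 when the broker omits it
    (message_stats is absent for queues that have seen no traffic)."""
    return queue.get("message_stats", {}).get(key, {}).get("rate", 0.0)

def assess_queue(queue, max_backlog=100000, min_drain_ratio=0.9):
    """Classify one queue by messages queued, input rate, and
    messages coming in versus leaving. Thresholds are assumptions."""
    rate_in = _rate(queue, "publish_details")
    rate_out = _rate(queue, "deliver_get_details")
    findings = []
    if rate_in == 0 and queue.get("messages", 0) == 0:
        findings.append("no-input")         # nothing is being published here
    if queue.get("consumers", 0) == 0:
        findings.append("no-consumer")      # no process is picking messages up
    elif rate_in > 0 and rate_out < rate_in * min_drain_ratio:
        findings.append("draining-slowly")  # subscribers fall behind the input
    if queue.get("messages", 0) > max_backlog:
        findings.append("backlog")          # queued messages exceed the limit
    return findings or ["ok"]

def assess_all(queues):
    """Map each queue name to its list of findings."""
    return {q["name"]: assess_queue(q) for q in queues}

if __name__ == "__main__":
    for name, findings in assess_all(SAMPLE).items():
        print(f"{name:12} {', '.join(findings)}")
```
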
For more information see the RSA Web Threat Detection System Administration Guide version 6.1 Chapter 6 - Data Streaming from RSA Link (https://community.rsa.com/)