This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
  • RSA.com
  • Products
    • Archer®
      • Archer®
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Archer® Exchange
      • Training
      • Upcoming Events
      • Videos
    • RSA® Fraud & Risk Intelligence Suite
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Web Threat Detection
      • Upcoming Events
      • Videos
    • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Cloud
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Patch Content
      • Videos
    • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication Mobile SDK
      • Advisories
      • Events
      • Ideas
      • Knowledge Base
      • Request Access
      • Training
    • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 7.x
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication for eCommerce
      • RSA® Adaptive Authentication for eCommerce
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® FraudAction Services
      • RSA® FraudAction Services
      • Advisories
      • Discussions
      • Documentation
      • Ideas
      • Videos
    • RSA® Web Threat Detection
      • RSA® Web Threat Detection
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Videos
    • RSA NetWitness® Platform
      • RSA NetWitness® Platform
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA NetWitness® Detect AI
      • RSA NetWitness® Detect AI
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Investigator
      • RSA NetWitness® Investigator
      • Documentation
      • Download the Client
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Orchestrator
      • RSA NetWitness® Orchestrator
      • Overview
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA SecurID® Suite
      • RSA SecurID® Suite
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Knowledge Base
      • Ideas
      • Integrations
      • Training
      • Videos
    • RSA® Identity Governance & Lifecycle
      • RSA® Identity Governance & Lifecycle
      • Advisories
      • Blog
      • Community Exchange
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA SecurID® Access
      • RSA SecurID® Access
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • Other RSA® Products
      • Other RSA® Products
      • RSA® Access Manager
      • RSA® Data Loss Prevention
      • RSA® Digital Certificate Solutions
      • RSA enVision®
      • RSA® Federated Identity Manager
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
  • Resources
    • Advisories
      • Product Advisories on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Hosted
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Product Advisories
    • Blogs
      • Blogs on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Blogs on RSA Link
    • Discussion Forums
      • Discussion Forums
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Discussion Forums on RSA Link
    • Documentation
      • Product Documentation
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Downloads
      • Product Downloads
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Downloads on RSA Link
    • Ideas
      • Idea Exchange
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Knowledge Base
      • Knowledge Base
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Knowledge Base Pages on RSA Link
    • Upcoming Events on RSA Link
      • Upcoming Events
    • Videos
      • Videos on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Videos on RSA Link
  • Support
    • RSA Link Support
      • RSA Link Support
      • News & Announcements
      • Getting Started
      • Support Forum
      • Support Knowledge Base
      • Ideas & Suggestions
    • RSA Product Support
      • RSA Product Support
      • General Security Advisories and Statements
      • Product Life Cycle
      • Support Information
      •  
      •  
      •  
      •  
      •  
  • RSA Ready
  • RSA University
    • Certification Program
      • Certification Program
    • Course Catalogs
      • Course Catalogs
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • On-Demand Subscriptions
      • On-Demand Subscriptions
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • Product Training
      • Product Training
      • Archer®
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
    • Student Resources
      • Student Resources
      • Access On-Demand Learning
      • Access Virtual Labs
      • Contact RSA University
      • Enrollments & Transcripts
      • Frequently Asked Questions
      • Getting Started
      • Learning Modalities
      • Payments & Cancellations
      • Private Training
      • Training Center Locations
      • Training Credits
      • YouTube Channel
    • Upcoming Events
      • Upcoming Events
      • Full Calendar
      • Conferences
      • Live Classroom Training
      • Live Virtual Classroom Training
      • Webinars
Sign In Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
  • RSA Link
  • :
  • Products
  • :
  • RSA NetWitness Platform
  • :
  • Discussions
  • :
  • enVision confusion
  • Options
    • Subscribe to RSS Feed
    • Mark Topic as New
    • Mark Topic as Read
    • Float this Topic for Current User
    • Bookmark
    • Subscribe
    • Mute
    • Printer Friendly Page
RomanZeltser
RomanZeltser Beginner
Beginner
‎2017-05-12 09:00 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

enVision confusion

I have been told that enVision is outdated product, and there is no path to upgrade it. We have it disabled. If this is a case, why do we need IPDB active if enVision is not needed anymore?IPDB works together with enVision by taking the data from it and helping to create the reporting.

 

If I am correct about enVision, what should be done to disable IPDB and Health and Wellness alert messages (I can't delete it from there)?

  • Tags:
  • Community Thread
  • Discussion
  • enVision
  • Forum Thread
  • IPDB
  • NetWitness
  • NW
  • NWP
  • RSA NetWitness
  • RSA NetWitness Platform
0 Likes
Share
Reply
  • All forum topics
  • Previous Topic
  • Next Topic
14 Replies
NaushadKasu1
New Contributor NaushadKasu1 New Contributor
New Contributor
‎2017-05-12 10:02 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

The reason nwipdbextractor exists is because although enVision is end-of-life, it will have a lot of data for customers that they need to retain for compliance reasons (3 years, 5 years etc..).  So, until that time passes, it may be required for that data to be not only stored but also queried where the nwipdbextractor comes in.

 

If you want to get rid of the binary on the system, see below.  If you want to not see those alarms, you can go into H&W and disable that alarm under the Hosts section of H&W Policies.

 

You can also disable nwipdbextractor using the following steps but after upgrade, the changes will be overwritten and steps below will have to be re-applied:

 

·        stop nwipdbextractor  (this takes several minutes to complete.)
·        yum erase nwipdbextractor
·        rm -f /etc/collectd.d/NwIPDBExtractor.conf
·        service collectd restart

2 Likes
Share
Reply
RomanZeltser
RomanZeltser Beginner
Beginner
In response to NaushadKasu1
‎2017-05-12 10:07 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Thank you very much. Since we have no data for compliance reason (I had to rebuild the system over after the disaster recovery), it makes sense to remove IPDB. Your instruction on how to do it is appreciated, too.

 

===============

Roman Zeltser, CISSP

Sr. IM Security Analyst

CDR Associates

 

307 International Circle

Suite 300

Hunt Valley, MD 21030

P: 410-560-2269 x.1261

rzeltser@cdrassociates.com<mailto:rzeltser@cdrassociates.com>

Preview file
2 KB
0 Likes
Share
Reply
ThomasFedorchuk
Occasional Contributor ThomasFedorchuk Occasional Contributor
Occasional Contributor
‎2017-05-12 11:06 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Also, along with the comments from Naushad above you should remove the ipdbextractor service from the "mongo puppet" database. This KB article explains the process. 

https://community.rsa.com/docs/DOC-46084

0 Likes
Share
Reply
RomanZeltser
RomanZeltser Beginner
Beginner
In response to ThomasFedorchuk
‎2017-05-12 11:39 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

It is helpful. Thanks.

I have executed what you have suggested. So far, the server reports the missed malware-analysis-solo class...

0 Likes
Share
Reply
RomanZeltser
RomanZeltser Beginner
Beginner
In response to ThomasFedorchuk
‎2017-05-12 11:43 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

The IPDB Alert is still visible in the Health & Wellness:

pastedImage_1.png

0 Likes
Share
Reply
RomanZeltser
RomanZeltser Beginner
Beginner
In response to ThomasFedorchuk
‎2017-05-12 11:49 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Thomas,

I see the following messages in the monitored log:

pastedImage_1.png

 

what does it mean?

0 Likes
Share
Reply
NaushadKasu1
New Contributor NaushadKasu1 New Contributor
New Contributor
In response to RomanZeltser
‎2017-05-12 11:52 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Go to Admin -> Health & Wellness -> Policies -> IPDB Extractor (policy in the left panel) and disable the alerting.

0 Likes
Share
Reply
NaushadKasu1
New Contributor NaushadKasu1 New Contributor
New Contributor
In response to RomanZeltser
‎2017-05-12 11:52 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

This is a bug in extra audit logging that will be fixed in 10.6.3.1 or 10.6.4.0 (I forgot which build but expected to be fixed in future).  Safe to ignore for now.

0 Likes
Share
Reply
ThomasFedorchuk
Occasional Contributor ThomasFedorchuk Occasional Contributor
Occasional Contributor
In response to RomanZeltser
‎2017-05-12 11:54 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

It looks like you cut/pasted the command into your ssh window and the dash in between "reporting" and "engine" got dropped... you'll need to re-do the command but  make sure all the character from the article are in the command..

 

/etc/puppet/scripts/addService.py db51aab5-5071-480f-93af-6bfb32e24816 reporting-engine,saserver,appliance,incident-management,malware-analysis-colo,broker

0 Likes
Share
Reply
  • « Previous
    • 1
    • 2
  • Next »
  • « Previous
    • 1
    • 2
  • Next »
Powered by Khoros
  • Products
  • Resources
  • Solutions
  • RSA University
  • Support
  • RSA Labs
  • RSA Ready
  • About RSA Link
  • Terms & Conditions
  • Privacy Statement
  • Provide Feedback
© 2021 RSA Security LLC or its affiliates.
All rights reserved.