RSA Security Analytics Parser Architecture

Question asked by Deepanshu Sood on Jul 6, 2015
Latest reply on Jul 6, 2015 by Deepanshu Sood

Hello Guys,

I have a doubt. Last week I applied a SecurityAnalytics 2.0 parser on my SA. Now here I have one doubt.

I have two sites, i.e., Prod & DR, with different SA & Log Decoder appliances, so I applied the parser first on the DR Log Decoder and also applied the Broker & Concentrator (DR) Index file, as we use 1 broker for investigation purposes, to view all the data from every concentrator.

Now, do I need to apply the same parser on the Prod Log Decoder and do the same on the Concentrator also? If I do, will I get the "rsasecurityanalytics" device type twice or only once?

 

Kindly suggest.

Regards,

Deepanshu Sood.
