
Is the RSA Whois Service Down at the Moment? My ESA Stopped Aggregating

Question asked by David Waugh on Jun 7, 2018
Latest reply on Aug 28, 2018 by David Waugh

Hello

The normal test alert that fires every morning did not happen today, and looking at the ESA log I am seeing:

2018-06-06 07:20:55,309 [Carlos@3884f95a-85(onRequest(GetAlertsRequest))(328779)] INFO com.rsa.netwitness.core.api.alert.MongoAlertManager - 1 rows returned by query [Query: { "$and" : [ { "time" : { "$gte" : { "$date" : "2018-06-05T07:21:00.000Z"} , "$lte" : { "$date" : "2018-06-06T07:20:59.999Z"}}} , { "module_id" : "56fe8fe8f144d3ab2660e689"} , { "severity" : { "$in" : [ 3]}}]}, Fields: null, Sort: { "time" : -1}]
2018-06-06 07:20:57,262 [Carlos@5ed098d8-80(onRequest(GetAlertRequest))(328779)] INFO com.rsa.netwitness.core.api.alert.MongoAlertManager - 1 rows returned by query [{ "_id" : "924b3b65-4414-4d53-831c-47cb7f79d4ac"}]
2018-06-06 07:21:26,790 [pool-6-thread-4] INFO com.rsa.netwitness.common.whois.WhoisClient - whois request failed for domain "zuko.io" with status 504: <html><head><title>504 Gateway Time-out</title></head><body bgcolor="white"><center><h1>504 Gateway Time-out</h1></center><hr><center>nginx</center></body></html>

 

After I disabled the C&C model, aggregation on the ESA started again.
