AnsweredAssumed Answered

Adding Security Analytics IM endpoint in RSA Archer

Question asked by rajbir singh on Aug 4, 2020
Latest reply on Aug 6, 2020 by rajbir singh

Hello Everyone, 

 

I was trying to add Security Analytics IM as endpoint in my archer setup and facing some issue stating below:

 can anyone had face the same or help me to fix this issue, Thanks in advance. 

 

Please note i have installed UCF on my Archer server and it is part of domain, also i am using customCA certificate for their communication.  

 

Add Endpoint
----------------------------------------------


1. Security Analytics IM
2. Archer
3. Enterprise Management Endpoint
4. Exit

Enter your choice:1
Please enter a user defined endpoint name [default]: SAIM
SA Host (ex: 10.6.66.96): xx.xx.16.140
SA Messaging Port (ex: 5671) [5671]: 5671
Target Queues (GRC, Operations or All) [All]: All
Automatically add certs to SA Trust Store? (Yes/No) [Yes]: Yes
Enter the account username to connect to SA Host [root]: root
Enter the account password to connect to SA Host:
Please Re-Enter value:
Testing Endpoint connection.
Installing certificates from Host:xx.xx.16.140 Port:5671

Opening connection to xx.xx.16.140:5671...

2 certificate(s) are set to be installed in the trust store:

1 Subject CN=19dde670-f9f5-46f5-a869-72e1944032aa, OU=NetWitness Platform, O=RSA, L=Reston, ST=VA, C=US
Issuer CN=Puppet CA: 19dde670-f9f5-46f5-a869-72e1944032aa
sha1 ef 47 f6 bf 2a 38 13 3c 65 0d 21 20 5a b4 b7 f7 d7 aa 00 b2
md5 91 4c 45 09 07 06 f0 71 1b c5 aa 98 41 23 e6 b3

2 Subject CN=Puppet CA: 19dde670-f9f5-46f5-a869-72e1944032aa
Issuer CN=Puppet CA: 19dde670-f9f5-46f5-a869-72e1944032aa
sha1 24 cc 15 02 5b 74 2a c5 8e a7 dc cd 92 3b 50 ab f1 80 e9 ca
md5 92 52 22 ee 8c f1 e6 d2 38 6d 34 da f9 30 52 7e

Only certificates you trust should be added to the trust store.
Existing certificates for host xx.xx.16.140 will be removed first.
Proceed? [y/n]:y
No existing certs for were found.
Stored certificate with Subject: CN=19dde670-f9f5-46f5-a869-72e1944032aa, OU=NetWitness Platform, O=RSA, L=Reston, ST=VA, C=US
Stored certificate with Subject: CN=Puppet CA: 19dde670-f9f5-46f5-a869-72e1944032aa
Auto configuring SA Cert Trust Store...
Cleared the ssh password
Copying CA trust store to SA.
Attempting to send command over SSH
Reloading SA Trust Store with Puppet agent. This could take up to 2 minutes...
Running check lock
Attempting to send command over SSH
Attempting to send command over SSH
Attempting to send command over SSH
Puppet agent is done on the SA box
Successfully set trust store.
..........
Failed to publish/consume message to SAIM Queue
Unsuccessful connection attempt.
Removing properties for the endpoint.
Failed to connect to endpoint


Welcome to the SA IM Integration Service Manager Wizard
----------------------------------------------


1. Add Endpoint
2. Edit Endpoint
3. Delete Endpoint
4. Mode Selection
5. Test Endpoint
6. Install Certificates From Directory
7. Regenerate Certificates
8. SAIM Migration
9. RCF Migration
10. Test Syslog Client
11. Exit

Enter your choice:

 

Also i have configured the respond service as per Archer integration guide.

 

 

Thanks in advance. 

 

Regards, 

Rajbir

Outcomes