Good Afternoon,
I am in the process of converting from RSA enVision to the more powerful RSA Security Analytics for logging. There are a massive amount of reports that are currently running within enVision, but would like to run in Security Analytics. What is the best way to get those reports into Security Analytics? Thank you for your time.
V/r
James
Hi James
Our upcoming release of Security Analytics 10.2 will include a set of utilities called "enVision Transition Tools". The transition tools are designed to inspect a given enVision deployment, inspecting the collection configuration as well as the reports. For collection, the tool will create a file format that can be bulk loaded into the SA Log Collector, elininating the need for you to retype hundreds of credentials or IP address. For enVision reports, the tool will inspect each report, and if the report can be directly converted to Security Analytics syntax then the tool will emit the RULE needed to create the report. If the report cannot be converted then the tool will describe what parts of the report cannot be carried over.
Hi, Steven,
That's great news!
How about custom parsers, correlation and transport (e.g. winsshd config+keys, ODBC data sources) migration?
Will this tool be available on SCOL?
HI Steve
Really good news and we are awating for this tool...whne it will be published.
Thanks
Ganesh
All,
I've been told from our Professional Services Manager, that these tools are only being used internally at this point, and won't be released to customers for quite awhile. Steven, can you shed any light on this?
Regards,
James
HI Steve
Really good news and we are awating for this tool...whne it will be published.
Thanks
Ganesh
you can open support case to get from support, please try.
Thanks Pat.Will try to open case.As well any idea as we are having 10.2 and CEP module and we have seen only 15 Rules in SA from Live..Any idea where to download more Rule for CEP as in current phase we are not going to have ESA box.
same here, i only can find 11 rules.
Not sure, what i know the Live account got access levels, but if the whole Live system only contains 15, then no choice.
HI Pat..
Well last time i had call with RSA they said you can download Rules form the internet CEP site...I am still serching for it till my ESA box get live.
i think support means we need to create by ourselves...
Good one BTW as per the support if we you download the content then its having the respective CEP rule...trying today and will update you .
BTW any idea if we can install the Z connector on ES box ..we have ES box and RSA doucment says we can install only on LS....any idea...
We have to start the installtion...:(
We installed the Z Connector on an all in one enVision box. Also the tool this thread is about does not exist. From a sales engineer that I trust: The tool was being developed but they could never get it to work well enough that they could release it to consumers. It is likely possible to get the tool but expect to get bad results from it.
Well ,Today i have just installed Z connector (log forwading tool) but getting the bewlo error.Just raised the ticket with Support and awating for update: Error
1 2014/03/12 13:18:00.484 CET 10.40.19.204 %NIC-2-400041: Collector, Collector, -, -, -, -, Detail: 460: Error: ZCONNECTOR:5:1280005: Events missed in the timeframe 1394626509796-1394626680453
It's working on ES which i deployed in one customer without any issue. No special configuration, just install and run
HI Pat ....Thanks we have done with Z connector and those error is just informational error...There is no special configuration ..Thanks all support.
Hi James
Our upcoming release of Security Analytics 10.2 will include a set of utilities called "enVision Transition Tools". The transition tools are designed to inspect a given enVision deployment, inspecting the collection configuration as well as the reports. For collection, the tool will create a file format that can be bulk loaded into the SA Log Collector, elininating the need for you to retype hundreds of credentials or IP address. For enVision reports, the tool will inspect each report, and if the report can be directly converted to Security Analytics syntax then the tool will emit the RULE needed to create the report. If the report cannot be converted then the tool will describe what parts of the report cannot be carried over.