Cannot access custom Esper Java libraries in RSA NetWitness Platform 11.4.x and Later
RSA Product Set: NetWitness Platform RSA Product/Service Type: ESA host/ESA Correlation service RSA Version/Condition: 11.4.x and later
In RSA NetWitness Platform 11.4.x and later, it is slightly more difficult to enable custom Esper Java libraries for those customers who have built their own EPL extensions in Java. For those customers, upgrading to 11.4.x and later can create an issue with their alerts that previously used their custom EPL extensions. Without the extended rules (Esper + Java libraries), customers do not have full visibility of some pattern detection which increases noise for their analysts, decreasing their productivity.
The known fix for this issue is as follows:
For RSA NetWitness Platform 11.4.x and later, ensure that the custom library JAR file and all the sources are compiled in JDK 11.
SSH to the ESA host and login with your ESA host credentials.
Modify the JAVA_OPTS variable in /etc/netwitness/correlation-server/correlation-server.conf, and add the parameter -Dloader.path= to load new java class files, as shown in bold: