RSA Security Analytics. S4 Broker Setup Guide



Similar documents
RSA Security Analytics Virtual Appliance Setup Guide

RSA Security Analytics Netflow Collection Configuration Guide

RSA Security Analytics Netflow Collection Configuration Guide

How to Set Up Your NSM4000 Appliance

Savvius Insight Initial Configuration

Cisco Expressway CE500 Appliance

DEPLOYMENT GUIDE. This document gives a brief overview of deployment preparation, installation and configuration of a Vectra X-series platform.

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide

DD670, DD860, and DD890 Hardware Overview

RSA Authentication Manager 7.1 to 8.1 Migration Guide: Upgrading RSA SecurID Appliance 3.0 On Existing Hardware

RSA Authentication Manager 7.1 Basic Exercises

eprism Security Suite

Dominion KX II-101-V2

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

CounterACT 7.0 Single CounterACT Appliance

RSA SecurID Software Token Security Best Practices Guide

EMC Data Domain Management Center

AlienVault. Unified Security Management (USM) x Initial Setup Guide

Infinity C Reference Guide

Acano solution. Acano Solution Installation Guide. Acano. January B

QUICK START GUIDE. Cisco C170 Security Appliance

Meraki MX50 Hardware Installation Guide

RealPresence Platform Director

RSA SecurID Software Token 1.0 for Android Administrator s Guide

Thank for choosing the Dominion KX III, the industry's highest performance enterprise-class, secure, digital KVM (Keyboard, Video, Mouse) switch.

Barracuda Link Balancer Administrator s Guide

Quick Start Guide. Sendio System Protection Appliance. Sendio 5.0

FW-310. Appliance Installation Guide

Citrix XenServer Workload Balancing Quick Start. Published February Edition

Unpacking the Product. Rack Installation. Then, use the screws provided with the equipment rack to mount the firewall in the rack.

Symantec NetBackup Appliance Getting Started Guide

Connecting the DG-102S VoIP Gateway to your network

F-SECURE MESSAGING SECURITY GATEWAY

Welcome. Unleash Your Phone

Product Version 1.0 Document Version 1.0-B

DD160 and DD620 Hardware Overview

RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide

Server Installation Guide ZENworks Patch Management 6.4 SP2

HP ProLiant DL380 G5 High Availability Storage Server

F-Secure Messaging Security Gateway. Deployment Guide

NetIQ Sentinel Quick Start Guide

XenClient Enterprise Synchronizer Installation Guide

Network Monitoring User Guide Pulse Appliance

Intel Entry Storage System SS4000-E

SecureLinx Spider Duo Quick Start Guide

3.5 EXTERNAL NETWORK HDD. User s Manual

PHD Virtual Backup for Hyper-V

20487B: Developing Windows Azure and Web Services

Installing the Operating System or Hypervisor

User s Manual Ver. 2.3

IBM Security QRadar Version Installing QRadar with a Bootable USB Flash-drive Technical Note

Virtual Appliance Setup Guide

Acano solution. Virtualized Deployment R1.1 Installation Guide. Acano. February B

Virtual LoadMaster for Microsoft Hyper-V

and Symantec Network Access Control

emerge 50P emerge 5000P

Building Microsoft Windows Server 2012 Clusters on the Dell PowerEdge VRTX

Configuring and Using AMT on TS140 and TS440

How To Secure An Rsa Authentication Agent

Installing and Using the vnios Trial

Unified Threat Management

How to Configure an Initial Installation of the VMware ESXi Hypervisor

Remote Management System

Hyper-V Server 2008 Setup and Configuration Tool Guide

Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

Novell Identity Manager Resource Kit

User Manual Version User Manual A20 / A50 / A100 / A250 / A500 / A1000 / A2000 / A4000

Wireless Router Setup Manual

Quick Start Guide. Cisco Small Business. 300 Series Managed Switches

Quick Setup Guide. Tandberg Data DPS1000 Series Model: DPS1100 and DPS1200, Release: 1.3

QUICK START GUIDE Cisco M380 and Cisco M680 Content Security Management Appliance

Ethernet Port Quick Start Manual

STM Quick Installation Guide

QUICK START GUIDE. Cisco S170 Web Security Appliance. Web Security Appliance

Syncplicity On-Premise Storage Connector

Quick Start Guide for Parallels Virtuozzo

Hyper V Windows 2012 and 8. Virtual LoadMaster for Microsoft Hyper V on Windows Server 2012, 2012 R2 and Windows 8. Installation Guide

Plexxi Control Installation Guide Release 2.1.0

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2

CYAN SECURE WEB APPLIANCE. User interface manual

Quick Start Guide for VMware and Windows 7

I N S T A L L A T I O N M A N U A L

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide

Trend Micro Encryption Gateway 5

Symantec NetBackup Appliance Getting Started Guide

Single-bay NAS Server

Quick Start Guide. RV 120W Wireless-N VPN Firewall. Cisco Small Business

integration tools setup guide SIM 3 Remote Guide to controlling a SIM 3 Audio Analyzer remotely over a network connection from a laptop

QuantStudio 3D AnalysisSuite Server System

READYNAS INSTANT STORAGE. Quick Installation Guide

Quick Start Guide. for Installing vnios Software on. VMware Platforms

Visual Learning Served On Demand. WAN-880 / WAN 880X Rack-Mount Server Installation Guide

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

McAfee Firewall Enterprise

NNAS-D5 Quick Installation Guide

ALOHA Load Balancer Quickstart guide

Configuring PPP And SIP

Barracuda IM Firewall Administrator s Guide

Transcription:

RSA Security Analytics S4 Broker Setup Guide

Copyright 2010-2013 RSA, the Security Division of EMC. All rights reserved. Trademarks RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm. License Agreement This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person. No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by EMC. Third-Party Licenses This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product may be viewed in the thirdpartylicenses.pdf file. Note on Encryption Technologies This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product. Distribution Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 2

S4 Broker Setup Guide S4 Broker Setup Guide S4 Broker Setup Guide 4 SA Broker Hardware Description 5 Mount the Appliance and Configure Network Parameters 9 Finish Broker Setup in Security Analytics 15 3

Overview S4 Broker Setup Guide Overview This document is a step-by-step guide for installing the RSA Security Analytics Broker and connecting it to your network. 4

Overview SA Broker Hardware Description This topic contains the following sections: 1. Overview 2. Introduction 3. Package Contents 4. Customer Supplied Materials 5. Front View of the Broker 6. Rear View of the Broker 7. Broker Specifications Overview This document introduces the RSA Series 4 Broker and provides a description of controls and connectors along with selected specifications. Introduction The RSA Security Analytics Series 4 Broker is shipped with Broker software installed. The initial setup of the Broker in your network involves these steps: 1. Review site requirements and safety information. 2. Mount the Broker hardware. 3. Connect the Broker to your network and configure network parameters on the Broker. 4. Finish Broker setup in Security Analytics. There are several options for the initial physical connection to the Broker to begin configuration of the software parameters. Once connected, the Security Analytics appliance console is used to make those configuration changes. Each step is described in detail in this document. You can learn more about Security Analytics in the online documentation. To view Security Analytics documentation, log on to Security Analytics and select the Help option in the Security Analytics menu. Package Contents Verify the contents of the packing box to ensure that you have received all items necessary to install and configure your Broker. Series 4 Broker appliance Rail Slide Assemblies (2) 5

Customer Supplied Materials Power Cord (2) Customer Supplied Materials To complete the setup procedure, you will need: One Ethernet network cable Cables to connect a monitor or KVM adapter to the VGA port and a keyboard or KVM adapter to the USB port Standard tools for installing and mounting computer hardware Front View of the Broker Key Description 1 Diagnostic LEDs 2 System Identification Light 3 Power On/Off 4 Recessed non-maskable interrupt (NMI) button 5 System Identification Button 6 Micro USB port 7 Ten 2.5-inch hard drive bays. The Broker has two 146 GB drives and two 1 TB drives installed. There is also an internal secure digital (SD) card module where two 32 GB cards are installed, and this is where the operating system is installed by default. 8 Service Tag Details 6

Rear View of the Broker Rear View of the Broker Key Description 1 System Identification Button 2 System Identification Light 3 idrac Port 4 RS232 Serial Port (serial connection to laptop via DB9 or serial server) 5 VGA Video Port (monitor) 6 Network Interface cards slot: SAS Controller installed with two DAC interface ports for connecting to the disk storage arrays. 7 Network Interface card expansion slots for optional cards. Possible options are: Fiber/Copper 10Gbps network capture card (RJ45) Fiber-channel host bus adaptor (HBA) used to connect to a SAN 8 USB Ports (Keyboard) 9 Gigabit Ethernet Port 1: em1 = management port. 10 Gigabit Ethernet Ports (2-4): em 2-4 11 Hot Swappable Power Supply 1 and 2 Broker Specifications Form Factor Weight 1U, full depth 39 lbs. 7

Broker Specifications Dimensions Power supplies Processors RAM 18.99 (w) x 30.39 (d) x 1.68 (h) Hot Swappable, redundant 750W, 100V to 240V autosensing Dual hex core 2.66 GHZ 96 GB 8

Overview Mount the Appliance and Configure Network Parameters This topic contains the following sections: 1. Overview 2. Introduction 3. Appliance Console via VGA Connection 4. Appliance Console via Network Connection 5. Set the IP Address 5.1. Set a Static IP 5.2. Set a Dynamic IP 6. Set the Hostname 7. Specify the Network Clock Source 8. Configure DNS Servers Overview This topic provides instructions for connecting a Security Analytics S4 appliance to your network and configuring initial management parameters on the appliance. Introduction Before you begin network configuration, mount or place the appliance securely in accordance with site requirements. Configuring network parameters for an RSA Security Analytics S4 appliance consists of setting the default IP address, the network clock source, and the hostname, then configuring your DNS servers. To set these parameters, you can connect to the appliance console using a keyboard and mouse or the Ethernet connection. In both cases, log on to the appliance as root. Once able to log on to the appliance, use the NwConsole program to modify the appliance management settings. Use the OS command line to configure DNS servers. Method Username Default Password ssh/cli root netwitness appliance admin netwitness Choose one of these methods for the initial connection: Appliance Console via VGA Connection: Keyboard (USB Port) and monitor (VGA Port). Appliance Console via Network Connection: Computer using an SSH client connected to the appliance via Ethernet cable to Mgmt Port (em1), which is configured as 192.168.1.1 by default. 9

Appliance Console via VGA Connection Appliance Console via VGA Connection To use the Appliance Console via VGA connection: 1. Connect a monitor or KVM adapter to the VGA Port on the back of the appliance. 2. Connect a keyboard or KVM adapter to one of the USB ports on the back of the appliance. 3. Connect a power cord to each of the two power supplies on the rear of the appliance. Connect the power cords to a power source. To provide a more robust setup, connect each power supply to a different circuit. Caution: 5V standby power is active whenever the system is plugged in. To remove power from the system, you must unplug both AC power cords from the power source 4. At the login prompt use the default credentials to gain access to the operating system (root/netwitness). 5. Continue to Set the IP Address section below. Appliance Console via Network Connection Caution: The default IP address of the appliance is set at the factory to 192.168.1.1. The use of 192.168.1.1 is fairly common and the IP address may already be in your system's SSH known_hosts file. The specific line for that IP address may need to be removed. To use the Appliance Console via network connection: 10

Set the IP Address 1. Connect an Ethernet cable between a computer and the Ethernet management port on the back of the appliance. 2. Connect the power cords to the power connectors on the appliance and a power receptacle. 3. The default IP address of the appliance is set at the factory to 192.168.1.1; therefore, set the IP address of the client system in the same subnet. For example, set your laptop to 192.168.1.15 with default gateway of 192.168.1.1 and then using a secure shell (SSH) client connect to the appliance. Note: Be aware that if you change network parameters while connected through SSH, your SSH session will be dropped and you will have to re-connect to the appliance at its new address. 4. Accept the SSH key. 5. At the login prompt use the default credentials to gain access to the operating system. 6. Continue to Set the IP Address section below. Set the IP Address Use one of the procedures below to set the management IP address on the appliance. Set a Static IP To set a static IP address: 1. At the root prompt: [root@nwappliance~]# NwConsole The NwConsole starts up and the following message is displayed: RSA Security Analytics Console 10.2 Copyright 2001-2012, RSA Security Inc. All Rights Reserved. 2. In the NwConsole, login localhost:50006 <adminusername> <password> for example: login localhost:50006 admin netwitness You are logged onto the appliance and the following message is displayed: Successfully logged in as session <session #> 3. At the localhost prompt: [localhost:50006] /> appliance setnet mode=static address=<desired IP address> netmask=<desired netmask> gateway=<desired network gateway> Example: To set the appliance em1 interface IP address to 10.1.2.35 for a class C network with gateway 10.1.2.1, execute the following command: appliance setnet mode=static address=10.1.2.35 netmask=255.255.255.0 gateway=10.1.2.1 The network services automatically restart on the appliance and the new settings are applied. 11

Set the Hostname 4. If the appliance is connected via network connection, you will have to reconnect to appliance using the new IP address to continue. If you moved the appliance to a new subnet, changes to client networking may also be required. 5. To logout and exit the NwConsole, type exit. Set a Dynamic IP To set a dynamic IP address: 1. At the root prompt: [root@nwappliance~]# NwConsole The NwConsole starts up and the following message is displayed: RSA Security Analytics Console 10.2 Copyright 2001-2012, RSA Security Inc. All Rights Reserved. 2. In the NwConsole, login localhost:50006 <username> <password> You are logged onto the appliance and the following message is displayed: Successfully logged in as session <session #> 3. At the localhost prompt: [localhost:50006] /> appliance setnet mode=dhcp 4. The network services automatically restart on the device and the new settings are applied. If the appliance is connected via network connection, you will have to reconnect to appliance using the new IP address to continue. If you moved the appliance to a new subnet, changes to client networking may also be required. Caution: If you choose DHCP, there may be no way to determine the new address. You must connect to the appliance console directly to determine the new address. Set the Hostname Creating the hostname of the system is a relatively simple task, but can benefit from consideration to limit common issues. If you are looking for some guidance to choosing a hostname, refer to the RFC 1178. In terms of Security Analytics the databases on the appliances are associated to the hostname. If the collection or aggregation has started (this is why it is not turned on by default) then the database is created and changing the hostname after that occurs effectively creates a second database. The hostname should contain only alphanumeric characters (no special characters such as #, _, @, -) to eliminate communication issues. 1. If still logged into NwConsole, then skip steps 2 and 3. 2. At the root prompt: [root@nwappliance~]# NwConsole The NwConsole starts up and the following message is displayed: RSA Security Analytics Console 10.2 Copyright 2001-2012, RSA Security Inc. All Rights Reserved. 3. In the NwConsole, login localhost:50006 <username> <password> You are logged onto the appliance and the following message is displayed: Successfully logged in as session <session #> 12

Specify the Network Clock Source 4. At the localhost prompt: [localhost:50006] /> appliance hostname name=<desired_name_for_appliance> For example: appliance hostname name=myserver 5. When you see an output of Success, type exit to log out and exit the NwConsole program. 6. Reboot the server using command: reboot Note: It is recommended that you reboot the system after changing the hostname. Specify the Network Clock Source Note: If the NTP server is not configured or reachable at this time, the network clock source configuration will fail, but can be done from the SA interface later. It is recommended that all systems in the Security Analytics suite be synchronized using a network time source so that all devices accurately depict the same time. If this is not done then the time on the devices can get out of sync causing queries for a specific time to not return the expected results. Note: The commands in these instructions are case sensitive. To set the network clock source: 1. If still logged into NwConsole, then skip steps 2 and 3. 2. At the root prompt: [root@nwappliance~]# NwConsole The NwConsole starts up and the following message is displayed: RSA Security Analytics Console 10.2 Copyright 2001-2012, RSA Security Inc. All Rights Reserved. 3. In the NwConsole, login localhost:50006 <username> <password> You are logged onto the appliance and the following message is displayed: Successfully logged in as session <session #> 4. At the localhost prompt: [localhost:50006] /> appliance setntp source=<ntp_server_hostname or IP_address> For example: appliance setntp source=0.pool.ntp.org Or, if you want to use the appliance clock as a clock source, type: appliance setntp source=local 5. When you see an output of Success from the command, type exit to log out and exit the NwConsole program. Note: If you specified an NTP clock source of local, the appliance clock serves as the clock source and the time is configured using Set Appliance Built-In Clock as described in Security Analytics online help. 13

Configure DNS Servers Configure DNS Servers To set a static IP address: 1. At the root prompt: [root@nwappliance~]# vi /etc/resolv.conf 2. Add the following lines to the file for each DNS server: nameserver <DNS_server_ip_address> search <domain_name> where <DNS_server_ip_address> is the IP address of your DNS server, and <domain_name> is the domain name for example: nameserver 192.168.0.1 search acmecorp.com 3. Save the changes and exit the vi editor. 14

Overview Finish Broker Setup in Security Analytics This topic contains the following sections: 1. Overview 2. Introduction Overview This topic provides instructions for finishing Broker configuration and starting aggregation in Security Analytics. Introduction The final steps for setting up the Broker are done using Security Analytics. These are: 1. Add the Broker to Security Analytics in Devices view. 2. Apply a device license (or Entitlement) to the Broker. 3. Add one or more Concentrators to the Broker as aggregate devices. 4. Configure and start aggregation. Several of these steps can be completed only when other parts of the Security Analytics network are in place: At least one Concentrator and one Decoder service must be installed, licensed, configured, and capturing data to generate Meta that the Broker can retrieve. The Security Analytics device licenses (or Entitlements) must be available for activating the devices. Log on to Security Analytics and follow instructions in the online help to finish setup of the Broker as part of the Security Analytics suite. 15

RSA Part Number: 6973A0

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information