2014-10-13 09:49 AM
Does anyone have the procedure on how to change the default IM database password on the ESA appliance in Security Analytics 10.4?
2014-10-14 07:42 AM
I can't even find the user that was created, never mind change the password lol. But on a positive note I do have an open support case for this, hopefully I will get a response from them sooner rather than later.
2014-10-14 08:19 AM
Hi,
If you don't mind, will you please share a screenshot for reference, so I can check which IM database user you are talking about?
Because, as Sean suggested, there is no such user that I have ever heard of.
2014-10-14 08:20 AM
Sean, kindly suggest when you get any kind of information from support regarding the same.
Good luck!!!
2014-10-14 11:31 AM
According to support they are in the process of making procedures to change the password.
@deepanshu It looks like the user does not exist in /etc/passwd but does exist in the database itself. I just tried setting it up and I was able to get incidents back without any issues. If you need the default password send me a message on LinkedIn.
2014-10-14 11:39 AM
I have an active support ticket opened as well.
I'll keep everyone posted if I hear from development who are currently working on this.
2014-10-16 04:43 PM
Here is the procedure to change your IM/ESA mongo admin and database user accounts:
1. Log in to your ESA appliance and run the following commands:
# mongo admin -u admin -p netwitness
> db.changeUserPassword('admin','newpassword')
> exit
# mongo admin -u admin -p newpassword --authenticationDatabase admin
> use im
> db.changeUserPassword('im','newpassword')
> use esa
> db.changeUserPassword('esa','newpassword')
> exit
This process also works for the ds database.
2. Log in to the SA UI and change the password in the following locations in the Admin->Services section:
Event Stream Analysis->Explore->Alerts->Storage->configuration
Incident Management->Explore->Service->Configuration->database
Reporting Engine->Config->Warehouse Analytics Output Configuration
You may or may not want to reboot/restart the services to make sure everything is reconnecting properly.
On esa server:
service rsa-esa restart
On IM server:
service rsa-im restart
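A way to confirm the rotation above took effect, added here as an example and not part of the original post: it checks that each account rejects its old password and accepts the new one, sending the `db.auth()` call on stdin so neither password shows up in the process list. It assumes the legacy `mongo` shell used in the procedure; `try_auth`, `verify_account`, `js_quote` and the `MONGO` override are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): verify the MongoDB password rotation.
# Assumption: legacy `mongo` shell, as used in the procedure above.
MONGO="${MONGO:-mongo}"   # overridable so the check can be run against a stub

# js_quote STRING -> STRING escaped for a single-quoted JavaScript literal
js_quote() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"; }

# try_auth DB USER PASSWORD -> exit 0 if the credentials are accepted
try_auth() {
    q_user=$(js_quote "$2"); q_pass=$(js_quote "$3")
    # The script is piped in on stdin, so the password never appears in argv
    # (ps, /proc/<pid>/cmdline) the way `-p <password>` does.
    printf "print('AUTH_RESULT=' + (db.auth('%s','%s') ? 'ok' : 'fail'))\n" \
        "$q_user" "$q_pass" |
        "$MONGO" --quiet "$1" 2>/dev/null | grep -q 'AUTH_RESULT=ok'
}

# verify_account DB USER OLD_PASSWORD NEW_PASSWORD
# Prints one status line. Returns 0 only when the old password is rejected
# and the new one is accepted; 1 if the old one still works; 2 if the new
# one does not work.
verify_account() {
    if try_auth "$1" "$2" "$3"; then
        echo "$1/$2: OLD PASSWORD STILL ACCEPTED"
        return 1
    fi
    if ! try_auth "$1" "$2" "$4"; then
        echo "$1/$2: new password rejected"
        return 2
    fi
    echo "$1/$2: rotated"
}

# Usage on the ESA appliance, once per account changed in step 1
# (OLD and NEW are placeholders for your own values):
#   verify_account admin admin 'OLD' 'NEW'
#   verify_account im    im    'OLD' 'NEW'
#   verify_account esa   esa   'OLD' 'NEW'
```

A non-zero return for any account means step 1 should be repeated for that account before the UI settings in step 2 are updated.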
2014-10-17 01:57 AM
Oh, thanks Spyhunter for your efforts.
Hope this will work when I try it.
And also one more thing: when I upgraded my ESA from 10.3 to 10.4 I lost all my configurations and rules on the ESA.
So will you please share some of your ESA rules and the rules according to best practice for ESA,
so that I can run the same in my environment.
Thanks in advance.
Regards,
Deepanshu Sood
Technical Consultant - Information Security
2015-07-28 12:16 PM
spyhunter,
thank you for your procedure, it works for me in SA 10.4.1.1 for incident management service configuration
regards!