This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Integration RSA Netwitness with RSA SecurID

GuillermoHerrer
New Contributor
New Contributor

‎2016-10-26 11:43 AM

Hello Everyone,

I just integrate both platforms With One customer of mine, the original idea was to add authentication stronger NetWitness GUI. I Followed the directions in Configure PAM Login Capability - RSA Security Analytics Documentation. I made the integration successful, I Achieved the first authentication success but when i start to make more test I saw a bad behavior, let me explian you:

       - When the AM´s lockout policy was fired, for 3 failed auth´s, the user became to NextTokenCode but the SecurID Authorization Agent for PAM is not able to drive this flag, always send auth fails and never see the NTC box in Netwitness GUI.

        - When you use a PIN mode in authentication attemps, the Netwitness console died. The jetty service goes down.

        - And If you tried to reuse the same token, in theory you dont able to make a success auth, But the Netwitness console permit the authentication , although you see in Authentication Real Monitor oif SecurID this log (authj faild, token reuse)

 

The question´s are:

SecurID Authorization Agent for PAM will be better, in which realase of Netwitness???

Somebody knows some workaround to solve the issue?

 

Note. I used the versions:
- RSA AM 8.1.1.15
- RSA SA 10.6.1

0 Likes
3 REPLIES 3

KyleBlack
Beginner
Beginner

‎2017-02-13 10:01 AM

I just did the PAM integration with RSA SA 10.6.1.0, it worked well for about 4 hrs and now it is crashing the website.  I had to disable it in the pam.d/securityanalytics file and have submitted a ticket to RSA for assistance.  

 

Did you ever get anymore information on the issues you were having? 

0 Likes

Anonymous
Not applicable

‎2018-03-19 04:15 PM

According to https://community.rsa.com/docs/DOC-72974 (very end of article), it does not support NTC.

0 Likes

Anonymous
Not applicable

‎2018-03-21 11:27 AM

Also, FWIW, I'm trying to get "stacked" authentication to work--

 

In my case, I started with Kerberos auth against Microsoft AD and want to add a 2nd prompt for the token code.

 

What I have found so far is that NetWitness (10.5.2) does not change the Security Analytics login box.  If I were using only SecurID, I would expect it to change to Username and Token Code (rather than "Password").  Using both Kerberos and SecurID, it would need to either add an additional space to enter the Token Code, or pop-up another prompt once Kerberos is done.

 

Anything I've tried with stacked PAM modules seems to just crash the web UI.

 

I have a ticket open with RSA...

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.