NetWitness Community

Anonymous · ‎2013-05-17

Good Afternoon,

I am in the process of converting from RSA enVision to the more powerful RSA Security Analytics for logging. There are a massive amount of reports that are currently running within enVision, but would like to run in Security Analytics. What is the best way to get those reports into Security Analytics? Thank you for your time.

V/r

James

RSAAdmin · ‎2013-05-21

Hi James

Our upcoming release of Security Analytics 10.2 will include a set of utilities called "enVision Transition Tools". The transition tools are designed to inspect a given enVision deployment, inspecting the collection configuration as well as the reports. For collection, the tool will create a file format that can be bulk loaded into the SA Log Collector, elininating the need for you to retype hundreds of credentials or IP address. For enVision reports, the tool will inspect each report, and if the report can be directly converted to Security Analytics syntax then the tool will emit the RULE needed to create the report. If the report cannot be converted then the tool will describe what parts of the report cannot be carried over.

View solution in original post

RSAAdmin · ‎2013-05-21

Hi James

Our upcoming release of Security Analytics 10.2 will include a set of utilities called "enVision Transition Tools". The transition tools are designed to inspect a given enVision deployment, inspecting the collection configuration as well as the reports. For collection, the tool will create a file format that can be bulk loaded into the SA Log Collector, elininating the need for you to retype hundreds of credentials or IP address. For enVision reports, the tool will inspect each report, and if the report can be directly converted to Security Analytics syntax then the tool will emit the RULE needed to create the report. If the report cannot be converted then the tool will describe what parts of the report cannot be carried over.

RSAAdmin · ‎2013-05-28

Hi, Steven,

That's great news!

How about custom parsers, correlation and transport (e.g. winsshd config+keys, ODBC data sources) migration?

Will this tool be available on SCOL?

Anonymous · ‎2013-07-02

HI Steve

Really good news and we are awating for this tool...whne it will be published.

Thanks

Ganesh

Anonymous · ‎2013-07-23

All,

I've been told from our Professional Services Manager, that these tools are only being used internally at this point, and won't be released to customers for quite awhile. Steven, can you shed any light on this?

Regards,

James

Anonymous · ‎2014-03-11

HI Steve

Really good news and we are awating for this tool...whne it will be published.

Thanks

Ganesh

huanzhou1 · ‎2014-03-11

you can open support case to get from support, please try.

Anonymous · ‎2014-03-11

Thanks Pat.Will try to open case.As well any idea as we are having 10.2 and CEP module and we have seen only 15 Rules in SA from Live..Any idea where to download more Rule for CEP as in current phase we are not going to have ESA box.

huanzhou1 · ‎2014-03-11

same here, i only can find 11 rules.

Not sure, what i know the Live account got access levels, but if the whole Live system only contains 15, then no choice.

Anonymous · ‎2014-03-12

HI Pat..

Well last time i had call with RSA they said you can download Rules form the internet CEP site...I am still serching for it till my ESA box get live.

NetWitness Community

Is there a good way or mechanism to transfer reports from RSA enVision to Recurity Analytics??