2017-01-03 09:43 PM
Hello,
I am new to RSA SA and just want to know the list of services that are running in the background (like tokumx, jetty, etc.) and their functionalities.
Can anyone share the same if possible?
Thanks in advance.
2017-01-05 06:34 AM
Hello,
The NetWitness Head Unit uses many services. For a full list of the services available, you can run the commands below:
initctl list
service --status-all
The services that do not come with CentOS, but were installed by NetWitness, are the following:
lighttpd: this is a lightweight httpd server used to host the repo on the head unit, so it can be accessible to other hosts during the upgrade process.
rsasoc_re: the reporting engine service.
nwappliance: this service collects some stats on the services on the appliances, which usually show on the service system page.
jettysrv: this is an open-source application server; NetWitness uses this to run the graphical interface and host applications.
collectd: this is an open-source service that runs as a probe (like lmsensors); NetWitness uses this service to collect stats like reachability and uptime, disk and memory utilization on other hosts, and so on.
fneserver: this service is used for licensing your whole environment.
puppet: this is a puppet client service. Puppet is open-source DevOps software that can control many clients using manifests and recipes. An admin can define a recipe for each node, then puppet will make sure this recipe is applied to this host; it will re-apply it if it was reverted for any reason.
mcollective: the Marionette Collective service is a service related to puppet; puppet uses this service to fetch replies from puppet clients, and also to issue commands to multiple nodes using the puppet master.
rabbitmq: another open-source message broker service, used to send any message between any 2 nodes using the AMQPS protocol; this is how all nodes communicate with each other.
tokumx: this is an open-source framework for the open-source MongoDB. MongoDB is a non-SQL database. NetWitness uses different types of databases (SQL, H2, Mongo, legacy Postgres in older versions).
For a full topology of ports, please refer to the link below.
Network Architecture and Ports - RSA Security Analytics Documentation
Regards,
Akram Hamed
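Added example (not part of the reply above and not RSA tooling): a small shell filter that takes the combined output of the two commands from the reply and reports, for each service the reply names, whether it is running, stopped, or absent, which is useful as a quick baseline of what should be present on a head unit. The function names and the sample output are constructed for illustration, and the service names are used exactly as written in the reply; the real job or init-script names on a given appliance may differ.

```shell
#!/bin/sh
# Service names as written in the reply above. Assumption: the actual
# upstart job / init-script names on an appliance may differ; adjust here.
NW_SERVICES="lighttpd rsasoc_re nwappliance jettysrv collectd fneserver puppet mcollective rabbitmq tokumx"

# nw_baseline: reads `initctl list` and/or `service --status-all` text on
# stdin and prints "<service> <running|stopped|absent>" for every name in
# NW_SERVICES. A service is "running" if any line for it says so; any other
# line mentioning it (stop/waiting, "is stopped", "dead but ...") counts as
# "stopped"; no line at all means "absent".
nw_baseline() {
    awk -v names="$NW_SERVICES" '
        BEGIN { n = split(names, want, " ") }
        {
            svc = $1
            sub(/:$/, "", svc)          # some status lines print "name:"
            if ($0 ~ /start\/running/ || $0 ~ /is running/)
                state[svc] = "running"
            else if (!(svc in state))
                state[svc] = "stopped"
        }
        END {
            for (i = 1; i <= n; i++) {
                s = want[i]
                printf "%s %s\n", s, ((s in state) ? state[s] : "absent")
            }
        }'
}

# Constructed sample input mixing both output formats (not captured from a
# real appliance).
nw_sample() {
    cat <<'EOF'
rsyslog start/running, process 1203
jettysrv start/running, process 2345
rsasoc_re stop/waiting
collectd (pid  1876) is running...
lighttpd is stopped
puppet (pid  2011) is running...
tokumx (pid  1501) is running...
EOF
}

# On a real host, feed it the live output instead of the sample:
#   { initctl list; service --status-all 2>&1; } | nw_baseline
nw_sample | nw_baseline
```

Saving the output from a known-good state and diffing it against later runs makes a missing or stopped service stand out.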