This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

SecOps virtual deployment

TomaNikolov
Beginner
Beginner

‎2017-12-13 04:06 AM

Greetings,

 

I need to know if I can find any information about deploying SecOps Manager within the NetWitness Suite deployment.
I am deploying a virtual lab and I need to know if I can deploy the SecOps manager too.
My colleagues and I hardly find any documentation about requirements, and deployment procedure.

 

Thank you in advance!

Labels:
0 Likes
3 REPLIES 3

david_waugh
Beginner
Beginner

‎2017-12-13 04:15 AM

Hi I'm not an expert on this, but SecOps is a module based on RSA Archer, so you would need an archer deployment, install the SecOps module and then configure the integration.

 

I wouldn't say it's something that you can do in a few hours.

TomaNikolov
Beginner
Beginner

‎2018-01-30 02:49 AM

Greetings David, 

 

We have already deployed Archer,  but We still have some issues with the deployment of the SecOps 1.3 module and eventually link it to Netwitness Suite 11.0 have you gone through this kind of deployment, and do you have any guide(steps to follow) in order to implement it correctly. 

 

When we run the runConnectionManager.bat we are missing some menu options we need(according to the guide) - 5. Add an endpoint for RSA Security Analytics Incident Management, as follows:
a. Enter the number for Security Analytics IM. - this is according to the guide we use. 
On the other hand if we try to choose 2. Edit endpoint or 4. Mode Selection nothing happens. Is thi normal or it is something wrong with our environment and can we find any logs for those somewhare in order to troubleshoot the issue? 

 

MicrosoftTeams-image (1).png

 

 

 

Thank you in advance!

RomanBrandt
Occasional Contributor
Occasional Contributor
In response to TomaNikolov

‎2018-02-08 12:16 PM

If I remember correctly, you need to go "Add Endpoint" and there you can select the type of Endpoint. But in the first step you are only able to add the "RSA Archer endpoints" and after you created these the item for SA IM shows in the Add Endpoint menu.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.