2013-06-27 10:41 AM
We have RSA Envision with 500+ device integrated.And palnning to move to security Analytics.so do we need to integrate all device again .What is best practise.Any one has done this.Any Documnet and video of migration.
Thanks and regards
Ganesh
2013-07-01 04:54 PM
Hi Ganesh,
We have created enVision Transition Tools for Security Analytics. While the primary audience for the tool is Professional Services it will be available to customers shortly as well.
The tool will take device configurations from enVision and format them into CSVs which are directly importable into the Security Analytics Log Collector.
It will examine your enVision reports and display in a way where it will be easy to create the report in SA.
It will also take your device groups and list based content and convert it to SA Feeds to add context to the logs when ingested into SA.
Thanks,
Guy
2013-07-02 02:29 AM
Hi Guy...
Thanks for the information .
Any idea by when it will be available to customer as well do you have any plan or checklist which has to be follow while migration from the Envision to SA.
Thanks and Regards
Ganesh.
2013-07-02 01:40 PM
Hi Ganesh,
I don’t have an exact date but it will be within a few weeks.
There is no specific checklist as each customer is different.
The typical transition we see is this.
Stand up SA for Log Collection.
Enable Z-Connector on enVision to send all logs to SA. They will still be kept in enVision as well.
Transition device groups and list based content.
Transition reports and alerts to SA.
Confirm all requirements are met.
Transition device log collection to SA. This can be done over time.
Once all collection is on SA you can decommission the enVision appliances, keeping
the NAS up for reporting against the IPDB via SA.
Thanks,
Guy