Article Number
000039714
Applies To
RSA Product Set: NetWitness Orchestrator (Threat Connect)
RSA Product/Service Type: Orchestrator Support
RSA Version/Condition: 6.X
Platform: Red Hat Distros, Debian Distros, Cloud
RSA Product/Service Type: Orchestrator Support
RSA Version/Condition: 6.X
Platform: Red Hat Distros, Debian Distros, Cloud
Issue
A customer is having an issue with the Threat Connect version of RSA Netwitness Orchestrator, and NetWitness Support needs to open a case with Threat Connect Support.
Note: If looking for instructions that are related to RSA NetWitness Orchestrator (Demisto) please see Knowledge Base Article 000038122
Note: If looking for instructions that are related to RSA NetWitness Orchestrator (Demisto) please see Knowledge Base Article 000038122
Resolution
NetWitness Orchestrator Powered by Threat Connect
This section discusses how to open a case for Customers that are using the Threat Connect version of RSA NetWitness Orchestrator. If you do not have an account, see How to create a Threat Connect Support Account below. If a case is needed immediately and you cannot wait for the account creation process to complete, please email support@threatconnect.com. Supply the information outline in How to create a Threat Connect Case below.
How to create a Threat Connect Support Account
- Speak to your manager and have them email Sameer Jadhav, <sjadhav@threatconnect.com> requesting an account for you.
- As Threat Connect is primarily US-based, it can take a day or two before the account is created. You will receive an email confirmation once the account is complete.
How to create a Threat Connect Case
Note: Cases for Threat Connect can only be opened for active maintenance customers. Proof of Concept/Try-n-Buy setups cannot open cases with Threat Connect.
Once you have an account, it is possible to raise a case via the Threat Connect portal: https://jira-tc.atlassian.net/servicedesk/customer/portal/2
The case view should look like the image below:
- In the What do you need? field, enter the priority of the case, the RSA NetWitness case number, and short description of the issue. The priority field can be P1 (full system down), P2 (partial system down), and P3 (all other issues).
Example: P2 - 0123451 - Partial system down
- In the Why do you need this? field, provide a descriptive summary of the issue being seen. Include as much of the following as possible:
- What has been done to troubleshoot so far
- What assistance you are requesting from Threat Connect.
- Screenshots captured
- Any logs retrieved
- In the Environment field, provide the following:
- URL if NetWitness Orchestrator is a cloud instance, or denote it is on-premise.
- The version of the NetWitness Orchestrator being used.
- The version of any applications being used with NetWitness Orchestrator.
- Is the NetWitness Orchestrator a Production of Test instance
- In the Component field, provide the following:
- The component that is having issues, if known. Otherwise, it can be left blank.
- The Share with field must contain Share with RSA. If this is not selected the case will not be visible to all RSA NetWitness Support personnel. Do not change this field unless otherwise directed.
How to Escalate a Threat Connect Case
If an escalation is required for a Threat Connect support case, do the following:
- Case must be a P1 (full outage) or P2 (partial outage)
- Contact your manager with the Threat Connect support case number, the reason for the escalation, and request to have the case escalated.
- The manager will email Sameer Jadhav, <sjadhav@threatconnect.com> during normal US business hours
- If after US business hours, the case can also be escalated by calling the toll free number: US: +1-800-965-2708, UK: 08081894456
In this article
