This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Integrate ECAT Feed with RSA Security Analytics

Article Number

000001363

Applies To

RSA Product Set: NetWitness Logs & Network
SA Product/Service Type: ECAT
RSA Version/Condition: 10.x
Platform: CentOS
O/S Version: EL6

Issue

How to integrate ECAT Feed with RSA security Analytics.

Resolution

  1. Export public Ecat certificate 
    1. From server\cert directory in Ecat get Ecat CA certificate
  2. Import ECAT public certificate to SA UI Java Store 
    1. cd /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/bin
    2. ./keytool -import -v -trustcacerts -alias ECAT -file /root/B64EcatCA.cer -keystore /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/lib/security/cacerts -keypass changeit -storepass changeit
       
      where
      -alias ECAT = a name to give the cert in the keystore (can be anything)
      -file /root/B64EcatCA.cer = exported CER from ECAT Server. 
    Results should be like this:
    Owner: CN=EcatCA
    Issuer: CN=EcatCA
    Serial number: -271f479f6107d579bdb7a8766ca92be2
    Valid from: Fri Sep 19 08:02:14 UTC 2014 until: Sat Dec 31 23:59:59 UTC 2039
    Certificate fingerprints:
         MD5:  F2:6D:82:EB:D1:74:D7:E7:BE:C5:FB:9A:B5:36:44:E9
         SHA1: 1C:CF:89:77:F9:61:68:B5:F8:64:DF:36:BD:D9:F6:16:71:FA:3B:34
         SHA256: 3B:55:B6:F1:2E:EE:F3:1D:7A:0C:02:AA:87:80:22:E0:A1:D5:E6:7B:91:22:81:A6:FC:04:0F:29:21:5E:89:21
         Signature algorithm name: SHA1withRSA
         Version: 3
     
    Extensions: 
     
    #1: ObjectId: 2.5.29.1 Criticality=false
    0000: 30 39 80 10 EC 0C AF 37   EA 39 B4 70 FA 3E 30 3C  09.....7.9.p.>0<
    0010: AF 4A EF F4 A1 13 30 11   31 0F 30 0D 06 03 55 04  .J....0.1.0...U.
    0020: 03 13 06 45 63 61 74 43   41 82 10 D8 E0 B8 60 9E  ...EcatCA.....`.
    0030: F8 2A 86 42 48 57 89 93   56 D4 1E                 .*.BHW..V..
     
     
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
    [Storing /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/lib/security/cacerts]

    [root@RSASA bin]# 
     
  3. To check the keystore run this command and search by alias name you configured
    ./keytool -list -keystore /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/lib/security/cacerts | grep -i ECAT

    Enter keystore password:  changeit
    ecat, 21/09/2014, trustedCertEntry, 
     
  4. Restart jetty
    1. a-stop jettysrv
    2. b-start jettysr
  5. From SA UI Go to Live--->Feeds-->Add new Feed in URL insert the following URL
    https://EcatServerExported:9443/ext/feed/machines.csv

    Make sure that SA can resolve EcatServerExported to Ecat IP address either by DNS or putting this entry in the hosts' file.

    Also Double confirm that SA can reach Ecat on the following port 9443 using openssl
    openssl s_client -connect EcatServerExported:9443 and check if you can see Connected or not
    this mean port is accessible
  • If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-02-10 02:07 PM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.