|
After adding the endpoint for NetWitness Respond, the Certificate Authority truststore fails to set.
Resolution
|
- Make sure that the SSH credentials for the NetWitness host are valid.
- If the credentials are correct, but the error still occurs, manually copy certificates.
|
| Remediation Tasks being pushed to the operations queue through the UCF are not appearing in Archer Cyber Incident & Breach Response as Findings.
|
- Open the Connection Manager using the command prompt:
- Change directories to <install_dir>\SA IM integration service\data-collector.
- Type: runConnectionManager.bat
- Enter 2 to edit endpoint.
- Enter 3 to NetWitness Respond.
- Make sure the Target Queue is set to All or Operations.
|
| In the <install_dir>\SA IM integration service\logs\collector.log, there are SSL errors between NetWitness and RSA Unified Collector Framework. |
- Verify that the SSL certificates are valid.
NetWitness Respond certificates are valid for two years.
- If your certificates are expired, regenerate and copy the expired certificates.
To regenerate and copy the certificates:
- In the Command Prompt, go to <install_dir>\SA IM integration service\data-collector.
- Enter
runConnectionManager.bat
-
Enter the number for Regenerate NetWitness RespondIntegration Service Certificate.
- In the NetWitness Respond endpoint, in Connection Manager, enter the number for Edit Endpoint.
- Enter Yes to copy the certificates automatically to the NetWitness trust store.
If certificates fail to copy, manually copy the certificates.
|
| NetWitness unable to forward incidents to UCF. |
- In the collector config (C:\PROGRAM FILES\RSA\SA IM INTEGRATION SERVICE\CONFIG\collector-config), change the following:
im.virtualhost=/rsa/im/integration
to
im.virtualhost=/rsa/system
- Restart UCF. For more information on restarting UCF, see Start the Unified Collector Framework.
- In the data collector (C:\PROGRAM FILES\RSA\SA IM INTEGRATION SERVICE\data-collector), double click on the following file to run it.
runConnectionmanager.bat
|
