Configure Proxy for NetWitness Platform XDRConfigure Proxy for NetWitness Platform XDR
This topic provides a procedure for setting up a proxy that is used across NetWitness modules and services.
Note: Proxy support is only for HTTP and HTTPS proxies and not SOCKS5.
You can configure a proxy that is used across NetWitness modules and services in the System View > Advance Configuration panel. The Proxy Settings in the Advanced Configuration panel set up a proxy to be used wherever a proxy is needed in NetWitness. These settings override any proxy settings configured for an individual service or module, such as Malware Analysis or Live.
To configure a proxy for use across NetWitness modules:
- Go to (Admin) > System.
In the options panel, select HTTP Proxy Settings.
The HTTP Proxy Settings panel is displayed.
Click the Enable checkbox.
The fields where you configure the proxy settings are activated.
- Type the hostname for the proxy server and the port used for communications on the proxy server.
- (Optional) Type the username and password that serve as credentials to access the proxy server if authentication is required.
- (Optional) Enable Use NTLM Authentication and type the NTLM domain name.
- (Optional) Enable Use SSL if communications use Secure Socket Layer. If you enable Use SSL, ensure that you import the required certificates for the services to retrieve information.
You need to import certificates and add the certificate in the head node for all the specific services that communicate externally over a proxy. If there are any other service that communicates with external resources over the internet, ensure that you add the certificates. For more on how to add the certificates, see Import Certificates for HTTPS Service
The proxy is immediately available for use throughout NetWitness modules and services, for example, Live and Malware Analysis.
- To save and apply the configuration, click Apply.
Import Certificates for HTTPS ServiceImport Certificates for HTTPS Service
Import certificates to communicate with the HTTPS services:
SSH to the NW node and copy the CA certificate located in the following directory:
- Execute the following command to update the certificates:
- Execute the following command to add the certificate to the java keystore:
keytool -list -keystore /etc/pki/java/cacerts -storepass changeit |& head
- Restart the service on the NW node.
Note: Perform the procedure for all the HTTPS servers.
Example: HTTPS proxy server and HTTPS feed server.