gage_stalwart
1 Copper

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

Thanks for the information, I think in this case it doesn't fully help us. As an enterprise company we may have 100, 500, or even 1,000 devices that we want to type a specific way and it should only come in as that device type. We can export our current list from envision and modify it into the format that shows in that guide, but it would be nice to have batch or mult-select window that we could filter down on (if not regex on a reverse name lookup, then try to cobble together different meta-keys) and change all. Thanks.

0 Kudos
NWPMM
1 Copper

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

Support for Active Directory has been possible from the UI for some time.  AD support received no significant updates from SA 10.3 SP4, however there was one enhancement, namely the ability to disable LDAP referrals in Active Directory Configurations.  There were no changes made to reporting of login failures in 10.4.

0 Kudos
willig8
1 Nickel

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

In SA 10.4 there is a list of event sources under Administration->Health & Wellness->Event Source Monitoring.  Unfortunately, you cannot add notes or attributes currently.

0 Kudos
willig8
1 Nickel

Re: Ask the Expert: What's New: RSA Security Analytics 10.4 & RSA ECAT 4.0

You can create a feed with the IPs and hostnames, or even more directly, IPs and groups that will add hostname or group information to the meta of your choice.  A dynamic DNS lookup would be prohibitively expensive.

0 Kudos