Skip to content
  • There are no suggestions because the search field is empty.

Security Configuration: User Authentication

Tags: Version 11.5

    User authentication settings are designed to control the process of verifying an identity claimed by a user for accessing RSA NetWitness Platform.

    NetWitness Platform Core Trusted Connection

    NetWitness Platform Core 11.3 or later has the ability to connect and authenticate over SSL without having to provide user account information on the service itself. This feature is only available over the native port and not the REST interface. For more information on trusted connection, see Host and Services Getting Started Guide.Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.

    User Accounts

    The following table identifies the default RSA NetWitness Platform user roles including the Administrator (admin) account and several service accounts. When deploying, you must enter a password for the System Administrator account and all the service accounts. For more information on passwords and password strength, see "Settings Tab" in the System Security and User Management Guide.

    Note: Custom roles can be added as required. For instructions, see "Add a Service User Role" in the Host and Services Configuration Guides.

    • User Roles: Administrators
    • Description: Full system access

    • User Roles: Operators
    • Description: Access to configurations but not to metadata and session content.

    • User Roles: Analysts
    • Description: Access to metadata and session content but not to configurations.

    • User Roles: SOC_Managers
    • Description: Same access as Analysts plus additional permission to handle incidents.

    • User Roles: Malware_Analysts
    • Description: Access to malware events and to metadata and session content.

    • User Roles: Data_Privacy_Officers
    • Description: Access to metadata and session content as well as configuration options that manage obfuscation and viewing of sensitive data within the system (see Data Privacy Management).

    • User Roles: Respond_Administrator
    • Description:

      Access to all Respond server and Incidents permissions.


    • User Roles: UEBA_Analysts
    • Description:

      Access to the User and Entity Behavior Analytics (UEBA) service in the Investigate > Users view. UEBA is an advanced analytics solution for discovering, investigating, and monitoring risky behaviors across all entities in your network environment.

      Note: You do not need to set up specific permissions for this role. You only need to assign this role to a user, and that user will have access to UEBA.


    Configuring New Accounts

    Each RSA NetWitness Platform user must have an account to log on to the UI. For more information on how to add new user accounts, see "Manage Users with Roles and Permissions" in the System Security and User Management Guide.

    Caution: RSA recommends that you ensure that users are approved by the company for logging on to the system before creating an account for them. Even if users are approved, RSA recommends that you only assign the minimum set of access permissions that enable the users to perform their jobs.

    Authentication Configuration

    User authentication settings are designed to control the process of verifying an identity claimed by a user for accessing NetWitness Platform. For more information, see "Set Up System Security" in the System Security and User Management Guide.

    Below are recommendations for some of the configurations:

    • Default System Administrator Account: RSA recommends that you instruct RSA NetWitness Platform administrators on your corporate IT policy and security best practices to generate and manage passwords for the default System Administrator account. RSA recommends that you change the default System Administrator password and the admin passwords for the service accounts per your company's password policy. For more information on password strength settings, see "Password Strength" in the System Security and User Management Guide. You should change the System Administrator password using the Admin user preferences. For instructions on how to change the password, see "Change the Default admin Passwords" in the System Security and User Management Guide.
    • External Authentication: RSA NetWitness Platform supports external authentication. For more information, see "Configure External Authentication" in the System Security and User Management Guide.

    User Passwords

    NetWitness Platform Users

    Administrators can set the appropriate level of password strength for the user and can force users to change their passwords when password strength policy changes. Administrators can specify the global default user password expiration period and the notification period for the password expiry. For more information, see "Configure System-Level Security Settings" in the System Security and User Management Guide.

    The following table shows the default security parameters settings for passwords.

    Caution: RSA recommends that you change these settings in accordance with your corporate policy. Users must ensure the idle period and session time-out is specified.

    • Parameter: Global Default User Password Expiration Period
    • Default Setting: 0

    • Parameter: Notify User Days Prior to Password Expiry
    • Default Setting: 5

    NetWitness Platform Core Service Users

    Administrators can change the password of a service user and replicate the new password to all the NetWitness Platform Core services with the defined user account. For more information, see "Change a Service User Password" in the Host and Services Configuration Guide.

    You can also change your password from the Preferences panel in the Profile view. For more information, see "Profile View Preferences Panel" in the NetWitness Platform Getting Started Guide.

    Security Parameter Settings

    The following table shows the default security parameters settings.

    Caution: RSA recommends that you change these settings in accordance with your corporate policy.

    • Parameter: Lockout Period
    • Default Setting: 20 minutes

    • Parameter: Idle Period
    • Default Setting: 10 minutes

    • Parameter: Session Timeout
    • Default Setting: 480 minutes

    • Parameter: Max Login Failures
    • Default Setting: 5

    For more information on security parameter settings, see "Configure System-Level Security Settings" in the System Security and User Management Guide.

    Kibana Health and Wellness Interface

    You can change the default password of the Kibana UI. For more information, see the "Changing Kibana Password" in the System Maintenance Guide.

    Previous Topic: Access Control Settings
    Next Topic: User Authorization
    You are here
    Table of Contents > Security Configuration Settings > Access Control Settings > User Authentication