
Respond-server Configuration


MigrationProperties

  • Name:

    rsa.migration.im-data-path

  • Default value:

    /opt/rsa/im

  • Type:

    string

  • Description:

    The location of the 10.x IM service


  • Name:

    rsa.migration.max-retries

  • Default value:

    200

  • Type:

    integer

  • Description:

    Number of times respond attempts to run the migration if it is unable to connect to mongo or mongo is down.


  • Name:

    rsa.migration.time-to-wait-between-retries

  • Default value:

    60

  • Type:

    seconds

  • Description:

    How often (in seconds) respond tries to connect to mongo


RespondPrimaryProperties

  • Name:

    rsa.primary.host

  • Default value:

    true

  • Type:

    boolean

  • Description:

    Determine whether the current respond service is running on the primary


  • Name:

    rsa.primary.mode

  • Default value:
  • Type:

    respondprimaryproperties$scheduledjobsmode

  • Description:

    Mode of current respond server


AlertRuleProperties

  • Name:

    rsa.respond.alertrule.batch-size

  • Default value:

    1000

  • Type:

    long

  • Description:

    The number of alerts to be processed by rule in a batch


  • Name:

    rsa.respond.alertrule.counter-reset-interval-days

  • Default value:

    7

  • Type:

    integer

  • Description:

    How often should rule counters be reset


  • Name:

    rsa.respond.alertrule.enabled

  • Default value:

    true

  • Type:

    boolean

  • Description:

    Alert rules enabled


  • Name:

    rsa.respond.alertrule.frequency

  • Default value:

    5

  • Type:

    seconds

  • Description:

    The frequency of the alert rule job


  • Name:

    rsa.respond.alertrule.last-counter-reset-time

  • Default value:

    0

  • Type:

    long

  • Description:

    Timestamp for when the rule counters were reset


ArcherIntegrationProperties

  • Name:

    rsa.respond.archer.export.user-domain

  • Default value:
  • Type:

    string

  • Description:

    Archer UserDomain, to be set only when LDAP is enabled on Archer


RespondCacheProperties

  • Name:

    rsa.respond.cache.user-cache-expiry

  • Default value:

    2

  • Type:

    seconds

  • Description:

    How often to query security server for the latest user information like their email


  • Name:

    rsa.respond.cache.user-cache-size

  • Default value:

    1000

  • Type:

    integer

  • Description:

    Total size of the user cache


DataRetentionConfiguration

  • Name:

    rsa.respond.dataretention.enabled

  • Default value:

    false

  • Type:

    boolean

  • Description:

    Is the data retention job enabled


  • Name:

    rsa.respond.dataretention.execution-hour

  • Default value:

    0

  • Type:

    integer

  • Description:

    Hour at which to run the job


  • Name:

    rsa.respond.dataretention.frequency

  • Default value:

    24

  • Type:

    seconds

  • Description:

    How often should the job to delete old alerts/incidents run


  • Name:

    rsa.respond.dataretention.retention-period

  • Default value:

    90

  • Type:

    seconds

  • Description:

    How long should alerts/incidents be stored


IndicatorAggregationJobConfig

  • Name:

    rsa.respond.indicatoraggregationrule.schedule-delay

  • Default value:

    0

  • Type:

    long

  • Description:

    Delay and frequency of indicator aggregation jobs


  • Name:

    rsa.respond.indicatoraggregationrule.schedule-rate

  • Default value:

    5000

  • Type:

    long

  • Description:

  • Name:

    rsa.respond.indicatoraggregationrule.seek-ahead-days

  • Default value:

    0

  • Type:

    integer

  • Description:

    How many days ahead should indicator aggregation go from incident window close time.


  • Name:

    rsa.respond.indicatoraggregationrule.seek-back-days

  • Default value:

    1

  • Type:

    integer

  • Description:

    How many days back should indicator aggregation go from first alert received time when aggregating indicators


IntegrationExportProperties

  • Name:

    rsa.respond.integration.export.archer-exchange-name

  • Default value:

    incidents.archer

  • Type:

    string

  • Description:

  • Name:

    rsa.respond.integration.export.archer-sec-ops-integration-enabled

  • Default value:

    false

  • Type:

    boolean

  • Description:

  • Name:

    rsa.respond.integration.export.breach-integration-enabled

  • Default value:

    false

  • Type:

    boolean

  • Description:

  • Name:

    rsa.respond.integration.export.escalation-settings

  • Default value:
  • Type:

    map

  • Description:

  • Name:

    rsa.respond.integration.export.export-incident-enabled

  • Default value:

    true

  • Type:

    boolean

  • Description:

  • Name:

    rsa.respond.integration.export.help-desk-integration-enabled

  • Default value:

    false

  • Type:

    boolean

  • Description:

NormalizationProperties

  • Name:

    rsa.respond.normalization.alerts-queued

  • Default value:

    100

  • Type:

    integer

  • Description:

    The number of alerts to queue from rabbit before waiting to consume further. The more you increase it, the higher the chance of losing alerts if respond goes down during normalization


  • Name:

    rsa.respond.normalization.custom-script-filename

  • Default value:

    custom_normalize_alerts.js

  • Type:

    string

  • Description:

    The name of the main custom JavaScript file used to normalize alerts.


  • Name:

    rsa.respond.normalization.indicator-normalization-enabled

  • Default value:

    true

  • Type:

    boolean

  • Description:

    Determines whether the legacy and indicator bindings should be created or not


  • Name:

    rsa.respond.normalization.max-legacy-consumers

  • Default value:

    10

  • Type:

    integer

  • Description:

    The maximum number of consumers that can consume from the legacy alerting exchange.


  • Name:

    rsa.respond.normalization.script-directory

  • Default value:

    scripts

  • Type:

    string

  • Description:

    The name of the directory, relative to the service home directory, that contains the normalization JavaScript files.


  • Name:

    rsa.respond.normalization.script-filename

  • Default value:

    normalize_alerts.js

  • Type:

    string

  • Description:

    The name of the main JavaScript file used to normalize alerts.


  • Name:

    rsa.respond.normalization.shutdown-timeout

  • Default value:

    30

  • Type:

    seconds

  • Description:

    The maximum amount of time to wait to finish processing alerts that have been received before shutting down the service.


  • Name:

    rsa.respond.normalization.thread-count

  • Default value:

    4

  • Type:

    integer

  • Description:

    The number of threads to use to normalize and persist alerts.


  • Name:

    rsa.respond.normalization.transient-indicator-normalization-enabled

  • Default value:

    true

  • Type:

    boolean

  • Description:

    Determines whether the low priority transient alerts binding should be created or not


QueryProperties

  • Name:

    rsa.respond.query.default-batch-size

  • Default value:

    100

  • Type:

    long

  • Description:

    Default chunk/batch size to send a stream of items to the client (client may override)


  • Name:

    rsa.respond.query.default-query-limit

  • Default value:

    1000

  • Type:

    long

  • Description:

    Default number of items to send to the client in response to a single request (client may override)


  • Name:

    rsa.respond.query.max-query-limit

  • Default value:

    5000

  • Type:

    long

  • Description:

    Max number of items to send to the client in response to a single request


should that changes be tracked and latest name should be saved

should that changes be tracked and latest name should be saved

it has just one JSONPath enough to read all direct occurrences of the given userMeta values from source and destination metas in all events in an alert.