Issues occur after changing the RSA Security Analytics admin password
Issue
Issues occur after changing the RSA Security Analytics admin password.
Reporting Engine alerts cannot be edited after changing the admin password in Security Analytics.
Meta can be seen in the Investigation module, but the error "No log data" is shown in the Logs column for Events.
Cause
This issue occurs because all data sources configured before the admin password was changed have become invalid.
Workaround
The admin password is changed by following the steps in the RSA Security Analytics documentation.
Resolution
Things to be reconfigured after the SA admin password is changed:
1. Confirm whether the deviceappliance user password has also been changed, e.g. Administration \ Devices \ Decoder \ Explore \ deviceappliance \ users \ accounts \ admin \ config
2. For each device added in Administration \ Devices, edit the device, enter the new password, test the connection and save it.
3. If ESA is in use, go to ESA \ Config \ Data sources tab, double-click the linked concentrator and change the admin password.
4. For a Concentrator, remove and re-add the linked Decoders under Administration \ Devices \ Concentrator \ Config \ General \ Aggregate Devices
5. For a Broker, delete the linked concentrators in the config panel and link them again.
6. For the SA Reporting Engine, go to Administration \ Devices \ SA Reporting Engine \ Config \ Sources tab, remove the data source and re-add it.
Notes
This issue is being tracked in the JIRA ticket SATCE-482, in which a documentation enhancement has been requested.
Internal Comments
UserName: shurtj 8/20/2014 3:14:21 PM - Technically Reviewed
Technically reviewed the article and changed its status to Copy Edited. Updated article and made changes to abide by Primus best practices.
Product Details
RSA Security Analytics
INTERNAL ONLY!!!