.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Issue
If Netwitness Server and Malware Analysis OS timezone are not configured as UTC, it displays differences between "Date Archived" and "Session Time" of Malware GUI.In case of KST(Korea Standard Time) OS timezone, it shows 30 minutes time differences in Malware GUI as shown below.
Cause
This is because the RSA Netwitness Server and Malware Analysis OS timezones are not configured to use UTC as shown in the example below(KST).
Workaround
If the customer does not allow to change current OS timezone, follow these steps to fix the issue.- Connect to the Malware Analysis appliance via SSH.
- Add the following phrase ("-Duser.timezone=UTC") starting "ExecStart" variable in /etc/systemd/system/multi-user.target.wants/rsa-nw-malware-analytics-server.service as shown below.
- Restart the Malware Analysis service.
# systemctl daemon-reload
# systemctl restart rsa-nw-malware-analytics-server.service
# systemctl restart rsa-nw-malware-analytics-server.service
After the above steps, the time difference issue will be resolved.
Resolution
You can fix this issue if you change the RSA Netwitness Server and Malware Analysis OS timezones from {Your_Timezone} to UTC.
Product Details
RSA Product Set: NetWitness Logs & NetworkRSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.x
Platform: Cent OS
O/S Version: 7
Product Name: RSA NetWitness
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue