NetWitness Orchestrator Performance

Issue

In some instances, a playbook run by the customer took approximately 10 minutes to execute, while the same playbook took less than a minute on the cloud instance. We verified all the configurations and resources on the application, and they appeared to be fine.


Cause

On continued troubleshooting, we observed that the issue is related to the Java keystore. The default keystore that the TC application installs is in JKS format. From Java 9 onwards, the default format is PKCS12.

If a customer needs their certificates and CA in the keystore, which they would if they want to run Services such as monitoring NetWitness Respond, they will follow Appendix B of the install guide.

The documented step says that we should rename the original keystore.jks and create a new one using:

keytool -genkeypair -alias tc -keyalg RSA -keystore keystore.jks -storepass yourPassword --dname "CN=threatconnect"

Because they are running Java 11, this creates a store in PKCS12 format, and from that moment onwards all playbooks execute approximately 10 times slower than usual.

In order to get a JKS type of Keystore, the above command should be changed to:

keytool -genkeypair -alias tc -keyalg RSA -keystore keystore.jks -storepass yourPassword --dname "CN=threatconnect" -storetype JKS

Resolution

Run the below command and check the keystore type in its output:

keytool -list -keystore keystore.jks

If it gives:
Keystore type: JKS
Keystore provider: SUN
then you are all set.

If it shows PKCS12, you should convert the keystore to JKS:
  • keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore_new.jks -deststoretype JKS
  • systemctl stop threatconnect
  • cp keystore.jks keystore.jks.bkup
  • mv keystore_new.jks keystore.jks
  • chown threatconnect:threatconnect keystore.jks
  • chmod +x keystore.jks
  • systemctl start threatconnect
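
The file name keystore.jks says nothing about the format actually on disk, which is how this issue goes unnoticed. The following added example (not part of the install guide or the ThreatConnect product) classifies a keystore by its leading bytes without needing the store password; the function names keystore_format and is_jks are hypothetical.

```shell
#!/bin/sh
# Classify a Java keystore by its first bytes (no store password required).
#   JKS    starts with the magic 0xFEEDFEED
#   JCEKS  starts with the magic 0xCECECECE
#   PKCS12 is a DER structure, so its first byte is 0x30 (SEQUENCE)
keystore_format() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable"
        return 2
    fi
    # Read the first 4 bytes as lowercase hex with no separators.
    magic=$(od -An -tx1 -N4 "$file" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo "JKS" ;;
        cececece) echo "JCEKS" ;;
        30*)      echo "PKCS12" ;;
        *)        echo "unknown" ;;
    esac
}

# Succeeds only when the store really is JKS, whatever the file is called.
is_jks() {
    [ "$(keystore_format "$1")" = "JKS" ]
}

# Usage: sh check_keystore.sh keystore.jks
if [ $# -gt 0 ]; then
    fmt=$(keystore_format "$1") || true
    echo "$1: $fmt"
    if [ "$fmt" != "JKS" ]; then
        echo "Not a JKS store: regenerate with -storetype JKS or convert with -deststoretype JKS"
        exit 1
    fi
fi
```

Running it against keystore_new.jks before the mv step confirms the conversion produced a JKS store before the service is restarted.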

Internal Comments

This has been raised with the TC team and a document change request has been suggested. The upcoming installation guide will have the updated command.


Product Details

ThreatConnect (on-prem installation)
Version: 6.4.x, 6.5.x, 6.6.x

Summary

Playbooks take about 10 times longer to execute on TC where the Java version has been updated to 11.


Approval Reviewer Queue

Technical approval queue