.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Which protocols are used between a Virtual Log Collector and a local collector in RSA Security Analytics?
Issue
Which cryptographic protocols are used between a Virtual Log Collector (VLC) and a local collector in RSA Security Analytics when transferring the collected logs?
Resolution
Virtual Log Collectors use RabbitMQ to forward the collected logs to local collectors.Beginning in RSA Security Analytics 10.6.3.0, TLS 1.0 and TLS 1.1 are disabled on both ports 5671 and 15671 leaving TLS 1.2 as the only supported protocol.
This setting can be viewed in the /etc/rabbitmq/rabbitmq.config file on the collectors.
Product Details
RSA Product Set: NetWitness Logs & Packets, Security AnalyticsRSA Product/Service Type: Log Collector, Virtual Log Collector (VLC)
RSA Version/Condition: 10.6.3.x, 10.6.4.x
Platform: CentOS
O/S Version: EL6
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue