To onboard RSA NetWitness Detect AI, existing customers with RSA NetWitness Platform version 11.5.2 or later can share their tenant administrative user details with the RSA Sales team. The RSA Sales team then onboards the first administrative user from your organization to kick-start the set up process. The administrative user then receives a welcome email that contains the RSA NetWitness Detect AI access URL, a user name, and a temporary password. Ensure that you reset the password at the first login.
The following checklist includes the steps to set-up and use RSA NetWitness Detect AI:
Ensure that you configure the actual time on the Cloud Link Service (Log Decoder Host). Sync the device Network Time Protocol (NTP) with the NTP service on the admin server. For more information on how to configure NTP Sever, see Configure NTP Servers.
The host on which the Cloud Link Service will be installed needs to be connected to Amazon Web Services(AWS). This might require changes to your existing firewall rules. Hosts will need to connect to the IP ranges for the chosen deployment region. For more information on the current list of AWS IPs by region, see AWS IP address ranges.
(Optional) Ensure that you configure the proxy settings from NetWitness Platform version 11.5.3 or later, before installing the Cloud link Service. For more information, see How to configure the proxy for the Cloud Link Service.
After completing the set-up, you can perform several tasks to respond to threats reported by NetWitness Detect AI. For more information, see RSA NetWitness Detect AI for Analyst.