To onboard RSA NetWitness Detect AI, existing customers with RSA NetWitness Platform version 11.5.2 or later can share their tenant administrative user details with the RSA Sales team. The RSA Sales team then onboards the first administrative user from your organization to kick-start the set up process. The administrative user then receives a welcome email that contains the RSA NetWitness Detect AI access URL, a user name, and a temporary password. Ensure that you reset the password at the first login.
The following checklist includes the steps to set-up and use RSA NetWitness Detect AI:
Ensure that you configure the actual time on the Cloud Link Service (Log Decoder Host). Sync the device Network Time Protocol (NTP) with the NTP service on the admin server. For more information on how to configure NTP Sever, see Configure NTP Servers.
The host on which the Cloud Link Service will be installed needs to be connected to Amazon Web Services(AWS). This might require changes to your existing firewall rules. Hosts will need to connect to the IP ranges for the chosen deployment region. For more information on the current list of AWS IPs by region, see AWS IP address ranges.
(Optional) Ensure that you configure the proxy settings from NetWitness Platform version 11.5.3 or later, before installing the Cloud link Service. For more information, see How to configure the proxy for the Cloud Link Service.
|1. Understanding NetWitness Detect AI||• What is NetWitness Detect AI
• What use cases does NetWitness Detect AI address • How Does Detect AI Work
• What are the types of NetWitness Detect AI licenses
|2. Log in to your account and perform the initial set up tasks||• How to log in to your account • How to set up and manage administrators • How to enable multi-factor authentication for your account|
|3. Understanding Cloud Link Service||• What is Cloud Link Service|
|4. Plan your Cloud Link Service installation||• What are the planning considerations for Cloud Link Service|
|5. Install Cloud Link Service on Log Decoder (11.5.2 or later)||• How to install Cloud Link Service|
|6. Download the activation package||• How to download the activation package
|7. Register the Cloud Link Service||• How to register the Cloud Link Service|
|8. Verify if the Cloud Link Service is working||• How to verify if the Cloud Link Service is working|
|9. Enable data transfer from Detect AI to NetWitness Platform||• How to transfer Detect AI data to RSA NetWitness platform|
|10. Monitor Cloud LinkService||• How to monitor the health of the Cloud Link Service|
|11. (Optional) Enabling email and syslog notifications for Cloud Link Service||• How to configure email or syslog notifications to monitor the service|
|12. Updating the Cloud Link Service automatically||• How to update the Cloud Link Service automatically|
|13. (Optional) Delete Cloud Link Service if no longer required||• How to delete Cloud Link Service|
|14. Install Detect AI with an exsiting on-premise UEBA||• How to Install Detect AI with an existing on-premise UEBA|
|15. (Optional) Configure proxy setting for the Cloud Link Service||• How to configure the proxy for Cloud Link Service|
After completing the set-up, you can perform several tasks to respond to threats reported by NetWitness Detect AI. For more information, see RSA NetWitness Detect AI for Analyst.