CA Threat Analytics health status is showing Critical

Article ID: 191915

Updated On:

Products

CA Threat Analytics for PAM

Issue/Introduction

We have integrated CA Threat Analytics with CA PAM. We have found that the CA Threat Analytics health status is showing Critical.
The screenshot below shows the consistent Critical status with no change for more than 1 week.


Cause

The Threat server may be experiencing a problem. Try the following:

1- Reboot the Threat server.
2- If the Threat server comes back healthy after the reboot and the Critical status does not recur, no further action is needed. If the status goes Critical again, see #3.
3- If the Threat server eventually returns to a Critical status (possibly after a long period with no issue, or possibly very soon), plan on rebuilding that same server or upgrading to the latest version, depending on your version of CAPAM.

Environment

Release : 2.2.X

Component : THREAT ANALYTICS FOR PRIVILEGED ACCESS MANAGER

Resolution

Depending on the version of your CAPAM node(s) and the version of your Threat server, you may need to upgrade the Threat server and possibly CAPAM:

1- Verify the version of CAPAM and the Threat server version you should be using:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-2/release-information/supported-environments.html

2- Upgrade CAPAM?

3- To upgrade the Threat version, you will have to install a new OVA.
The data can be transferred between the two versions by using the admin app on the Threat Server to create a backup on the old server and restoring that backup on the new one.

Deploy CA Threat Analytics Server:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-2/integrating/integrate-with-ca-threat-analytics/deploy-ca-threat-analytics-server.html

4- Still having problems? Log into the Threat Server or VM and collect the logs from /var/log/interlock. The messages there are usually very helpful.

Additional Information

NOTE - Some old servers do not support TLS 1.2, and many new servers do not support TLS 1.0/1.1 because of the updated cryptography/algorithms.
Threat Analytics for PAM 2.2.2 or below only supports SSLv3 or TLS 1.0.
If your CAPAM installation requires TLS 1.1 or TLS 1.2 security, you will need to upgrade to Threat Analytics for PAM 2.2.3.


https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-2/release-information/cryptography.html
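
The TLS mismatch described in the note above can be confirmed from a shell before committing to an upgrade. The script below is an added example, not Broadcom tooling: it assumes `openssl` is installed, the host and port are supplied by the caller (the article does not state the port), and the function names `flag_for`, `rank`, `probe` and `verdict` are hypothetical. SSLv3 is not probed because current openssl builds no longer offer it.

```shell
#!/usr/bin/env bash
# Added example: which TLS versions does a server accept, and does that meet
# the minimum the PAM side requires? Host and port are supplied by the caller.

# openssl s_client flag that pins one protocol version.
flag_for() {
  case "$1" in
    tls1.0) echo "-tls1" ;;
    tls1.1) echo "-tls1_1" ;;
    tls1.2) echo "-tls1_2" ;;
    *) return 1 ;;
  esac
}

# Numeric order of the protocol labels, used for comparison.
rank() { case "$1" in tls1.0) echo 0;; tls1.1) echo 1;; tls1.2) echo 2;; *) return 1;; esac; }

# probe HOST PORT: print each version the handshake succeeds with.
# A failure can also mean the local openssl build refuses that version.
probe() {
  local host=$1 port=$2 p
  for p in tls1.0 tls1.1 tls1.2; do
    if openssl s_client "$(flag_for "$p")" -connect "$host:$port" \
         </dev/null >/dev/null 2>&1; then
      echo "$p"
    fi
  done
}

# verdict REQUIRED_MIN [ACCEPTED...]: "ok" if any accepted version is at or
# above the minimum, otherwise "upgrade" (exit status 1).
verdict() {
  local min r p
  min=$(rank "$1") || { echo "unknown"; return 2; }
  shift
  for p in "$@"; do
    r=$(rank "$p") || continue
    if [ "$r" -ge "$min" ]; then echo "ok"; return 0; fi
  done
  echo "upgrade"
  return 1
}

# Runs only when called as: script HOST PORT [REQUIRED_MIN]
if [ "$#" -ge 2 ]; then
  verdict "${3:-tls1.2}" $(probe "$1" "$2")
fi
```

A result of `upgrade` against a Threat server that only answers on `tls1.0` matches the 2.2.2-or-below case in the note above.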