CA threat Analytics health status is showing Critical
Article ID: 191915
CA Threat Analytics for PAM
We have integrated CA Threat Analytics with CA PAM. We have found that CA threat Analytics health status is showing Critical. The screenshot below shows the consistent Critical statys with no change for more than 1 week.
The threat sever may be expeirncing a problem, try the following:
1- Reboot the Threat server 2- Threat server reboots and comes back good. No reoccurence, good. Critical again, see #3. 3- Threat server eventually goes to a Critical status again (may be a long period of no issue or possibly very soon). Plan on rebuilding that same server or actually upgrading to the latest depending on your version of CAPAM:
Release : 2.2.X
Component : THREAT ANALYTICS FOR PRIVILEGED ACCESS MANAGER
Depending on the version of your CAPAM node(s) and the version of your Threat server, you may need to upgrade the Threat server and possibly CAPAM:
1- Verify the version of CAPAM and the Threat server version you should be using:
3- To upgrade the Threat version, you will have to install a new OVA. The data can be transferred between the 2 versions by using the admin app on the Threat Server to create a backup from the old and restoring the backup in the new one:
4- Still having problems? Log into the Threat Sever or VM and collect the logs from /var/log/interlock. The messages can and are usually very helpful
NOTE - Some old servers do not support TLS1.2 and many new servers do not support TLS1.0/1.1 because of the updated crytography/algorithms. Threat Analytics for PAM 2.2.2 or below only supports sslv3 or tls1.0. If your CAPAM installation requires tlsv1.1 or tlsv1.2 security, you will need to upgrade to Threat Analytics for PAM 2.2.3.