If you need to change the IP address or DNS name of a 3rd party data enrichment server, such as Titanium Scale, will Security Analytics automatically start sending artifacts to the new address?
Do you need to restart any services before settings will take affect?
When you change the IP address or the DNS name of any 3rd party enrichment provider, Security Analytics should automatically start sending rule hits to the new address without the need to restart any services. If this is not happening, you can try to restart the tonic service or you can restart all Security Analytics services.
To restart tonic, at the command line, enter this command: systemctl restart tonicd
To restart all services, at the command line, enter these commands: scotus stop (wait for all services to stop). Then run: scotus start