Data enrichment fails to post files when IP/DNS names are changed

book

Article ID: 222579

calendar_today

Updated On:

Products

Security Analytics Security Analytics - VA

Issue/Introduction

If you need to change the IP address or DNS name of a 3rd party data enrichment server, such as Titanium Scale, will Security Analytics automatically start sending artifacts to the new address?

Do you need to restart any services before settings will take affect?

Resolution

When you change the IP address or the DNS name of any 3rd party enrichment provider, Security Analytics should automatically start sending rule hits to the new address without the need to restart any services. If this is not happening, you can try to restart the tonic service or you can restart all Security Analytics services.

To restart tonic, at the command line, enter this command:  systemctl restart tonicd

To restart all services, at the command line, enter these commands:  scotus stop  (wait for all services to stop).   Then run:  scotus start