In most cases, the administrator will receive a request for custom meta from threat hunter. At this point, administrator performs the following steps to set up custom meta collection from a data feed. Reviews the request for custom meta with the threat hunter (requester). Collect custom meta. Create Custom Meta Keys Using Custom Feed This…
This topic tells administrators how to change the default storage password for the Data Science database. In Security Analytics, this procedure is optional. However, it is always a best practice to change any default password for added security. In organizations that do not allow default passwords, this procedure is mandatory. Prerequisites…
This topic tells administrators how to change the default storage password for the MongoDB admin account. In Security Analytics, this procedure is optional. However, it is always a best practice for administrators to change any default password for added security. Some organizations do not allow default passwords. Note: You must change the…
This topic describes the components of the Services Config view Advanced tab for ESA. If you want to configure advanced settings for an ESA service, you can do that from the Services Config view > Advanced tab of the ESA. Features The following are the sections in the Advanced view: Alert Engine Event Stream Engine Alert Engine…
This topic tells administrators how to configure the ESA to use a memory pool. A memory pool is a customized implementation of virtual memory for events held by rules in ESA. This helps in scaling the capability of rules by an order of magnitude. When you want to create rules that cover a large time span or which are very complex, you may…
This topic tells administrators how to configure the ESA to use capture time ordering when using two or more Concentrators as a source. By default, ESA uses the ESA time stamp (time at which events are received by the ESA) to correlate events. However, ESA also supports session-ordering based on capture time (the time at which the packet or…
This topic provides information on how to add the Event Stream Analysis (ESA) service on a host. Prerequisites Ensure that you have installed an ESA service and added the host in Security Analytics. For more information, see "Step 1: Add or Update a Host" in the "Host and Services Getting Started Guide." Procedure To add the Event Stream…
Loading...