Recent Activity

RSA Information Design and Development
Event Stream Analysis (ESA) Overview. Configure ESA: Step 1. Add Event Stream Analysis Service; Step 2. Add a Data Source to an ESA Service; Step 3. Configure Advanced Settings for an ESA Service; Step 4. Configure an ESA to Connect to the Context Hub on Another ESA. Additional ESA Procedures: Change Default Storage Passwords; Change MongoDB…
RSA Information Design and Development
In most cases, the administrator will receive a request for custom meta from a threat hunter. At this point, the administrator performs the following steps to set up custom meta collection from a data feed. Reviews the request for custom meta with the threat hunter (requester). Collect custom meta. Create Custom Meta Keys Using Custom Feed This…
RSA Information Design and Development
This topic tells administrators how to change the default storage password for the Data Science database. In Security Analytics, this procedure is optional. However, it is always a best practice to change any default password for added security. In organizations that do not allow default passwords, this procedure is mandatory. Prerequisites…
RSA Information Design and Development
This topic tells administrators how to change the default storage password for the MongoDB admin account. In Security Analytics, this procedure is optional. However, it is always a best practice for administrators to change any default password for added security. Some organizations do not allow default passwords. Note: You must change the…
RSA Information Design and Development
This topic tells administrators how to configure an ESA to connect to the Context Hub on another ESA. Only one Context Hub can be installed per Security Analytics installation. If you have more than one ESA and you run the Context Hub, you need to enable the ESA without the Context Hub to communicate with the Context Hub on another ESA. …
RSA Information Design and Development
This topic describes the components of the Services Config view Advanced tab for ESA. If you want to configure advanced settings for an ESA service, you can do that from the Services Config view > Advanced tab of the ESA. Features The following are the sections in the Advanced view: Alert Engine Event Stream Engine Alert Engine…
RSA Information Design and Development
| Revision | Date | Description | Author |
|---|---|---|---|
| 0.01 | 28-Jul-2016 | Create preliminary draft | Info Design & Devel |
| 0.02 | 9-Sep-2016 | 1st Review Draft | Info Design & Devel |
| 0.03 | 16-Sep-2016 | Incorporate SME review comments - Dave | Info Design & Devel |
| 0.04 | 19-Sep-2016 | Add examples and incorporate Abhay's… | |
RSA Information Design and Development
This topic tells administrators how to configure the ESA to use a memory pool. A memory pool is a customized implementation of virtual memory for events held by rules in ESA. This helps in scaling the capability of rules by an order of magnitude. When you want to create rules that cover a large time span or which are very complex, you may…
RSA Information Design and Development
This topic tells administrators how to configure the ESA to use capture time ordering when using two or more Concentrators as a source. By default, ESA uses the ESA time stamp (time at which events are received by the ESA) to correlate events. However, ESA also supports session-ordering based on capture time (the time at which the packet or…
RSA Information Design and Development
This topic provides information on how to add the Event Stream Analysis (ESA) service on a host. Prerequisites Ensure that you have installed an ESA service and added the host in Security Analytics. For more information, see "Step 1: Add or Update a Host" in the "Host and Services Getting Started Guide." Procedure To add the Event Stream…