Event sources are network sources that send information about events to the RSA NetWitness® Platform. They can be physical devices, such as laptops, network switches or firewall, and virtual or cloud-based applications, such as VMware. For example:
- An Apache HTTP Server
- Amazon Web Services CloudTrail
- A Barracuda Web Application Firewall
- A connection to Dropbox
- An Oracle Database
- A VMware vCenter Server
You first configure all of your event sources so that they can communicate with the NetWitness Platform. RSA provides configuration guides for many common event sources, using a variety of collection methods (such as Syslog or file collection). After you have your event sources configured, use the information in this guide to manage them going forward.