000037668 - How to view Incident name with ESA alert name

Document created by RSA Customer Support Employee on Jul 13, 2019
Last modified by RSA Customer Support Employee on Jul 13, 2019
Version 2

Article Content

Article Number: 000037668
Applies To: RSA Product Set: NetWitness Logs & Network
RSA Version/Condition: 11.x
Platform: CentOS
O/S Version: 7
Issue: By default, every incident name appears as "<Incident Rule> for <Source IP Address>" (shown below).

[Image: Name grouped by ip.src]

This is because the Group By value in Incident Rules is set to "Source IP Address" by default.
Resolution: Follow the steps below to have the incident name show the ESA alert title.
  1. Log in to the NetWitness GUI.
  2. Navigate to CONFIGURE -> Incident Rules to view the list of rules.
  3. Edit the rule whose incident name you want to change.
  4. Locate GROUPING OPTIONS -> GROUP BY, select "Alert Name" from the drop-down as shown below, and save the rule.
  5. Navigate to the RESPOND -> Incidents page and verify that new incidents show the ESA alert title in the incident name, as shown below.
    [Image: ESA title]