Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000037668 - How to view Incident name with ESA alert name

Document created by RSA Customer Support

on Jul 13, 2019•Last modified by RSA Customer Support

on Jul 13, 2019

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000037668
Applies To	RSA Product Set: NetWitness Logs & Network RSA Version/Condition: 11.x Platform: CentOS O/S Version: 7
Issue	All incidents name appears with <Incident Rule> for <Source IP Address> details by default. (shown below) This is due to Group by value set "Source IP Address" as default parameter in Incident Rules.
Resolution	Please follow below steps to get Incident Name with ESA alert title. 1. Login to Netwitness GUI. 2. Navigate to CONFIGURE->Incident Rules to view list of rules. 3. Edit the rule wish to change the Name. 4. Locate GROUPING OPTIONS-> GROUP BY and Select "Alert Name" from drop down as below and Save rule. 5. Verify new incidents comes with ESA alert title in Incident name as below by Navigating to RESPOND->Incidents page.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links

Recently Published Knowledge Base Articles for RSA NetWitness® Logs & Network