Reporting Engine: Overview

Document created by RSA Information Design and Development on Apr 15, 2016. Last modified by RSA Information Design and Development on May 3, 2016.
Version 3

This topic is an overview of the Reporting Engine. The Reporting Engine supports the definition and generation of reports and alerts that you maintain in the RSA Security Analytics Reporting and Alerting module views and dashlets. A Reporting Engine:

  • Facilitates the delivery of selected data (NetWitness meta data and IPDB event data) to the Reporting and Alerting module views.
  • Stores rules definitions that govern how the data is represented in reports and alerts.
  • Manages the alert queue by allowing you to enable and disable alerts.

A Reporting Engine runs reports and alerts based on the data drawn from a data source, so you must associate a data source, or multiple data sources, with a Reporting Engine. There are three types of data sources:

  • IPDB Data Sources - The Internet Protocol Database (IPDB) data source contains both normalized and raw event messages. It stores all collected messages in a file system organized by event source (device), IP address, and time (year/month/day) with index files to facilitate searches (reports and queries).
  • NWDB Data Sources - The NetWitness Database (NWDB) data sources are Decoders, Log Decoders, Brokers, Concentrators, Archiver, and Collection.
  • Warehouse Data Sources - The Warehouse data sources are Pivotal and MapR.