Alerting: Configure a Database as Enrichment Source

Document created by RSA Information Design and Development on Apr 22, 2016
Version 1Show Document
  • View in full screen mode
 
  

You can configure a database as an enrichment source so you can add it to a rule. Then the Esper engine that analyzes events can access the information in the database to provide additional information in the alert.

For example, a rule detects users that attempt to sign up for a stealth email service. Twenty-five users match the rule criteria. The alert contains 25 User IDs. An external database would enhance the alert by providing the following additional information for each User ID:

  • Name
  • Title
  • Department
  • Office Location
  • Reports To

You can edit, duplicate, import or export a database connection.

Prerequisites

You must configure a database connection. For more information, see Configure a Database Connection.

Procedure

To configure database as an enrichment source:

  1. In the Security Analytics menu, select Alerts > Configure.
  2. Click the Settings tab.
    The Settings tab is displayed.
  3. In the options panel, select Enrichment Sources.
    The Enrichment Sources panel is displayed.
    16. Enrichment_Sources.png
  4. From the Add drop-down drop-down menu, select External DB Reference. You have to add a DB reference in order for the DB to be listed.
    The External DB Reference dialog is displayed.
    12. ExternalDB_EnrichmentSource.png
  5. Select Enable to enrich alert with additional data. This is selected by default. If disabled, the alert will not be enriched with additional data.
  6. In the User-Defined Table Name field, type a name to identify or label the database configuration.
  7. In the Description field, type a brief description about the database configuration.
  8. In the Database Connection drop-down menu, select the database connections defined.
  9. In the Table Name field, enter database table name.
  10. Click Save.

For details on parameters and their descriptions, see Settings Tab.

You are here: Add a Data Enrichment Source > Enrichment Sources > Configure a Database as Enrichment Source

Attachments

    Outcomes