ESA Config: Step 3. Configure Advanced Settings for an ESA Service

Document created by RSA Information Design and Development on Apr 26, 2016Last modified by RSA Information Design and Development on Feb 9, 2017
Version 2Show Document
  • View in full screen mode
  

This topic provides instructions to configure advanced settings for an Event Stream Analysis service.

In the Advanced view, you can configure advanced settings to improve performance, to preserve events for rules with multiple events, to buffer events in memory, and the number of events to be stored on the ESA.

Procedures

Configure Advanced Settings

To access the Advanced view and configure advanced settings for an ESA service:

  1. In the Security Analytics menu, select Administration > Services.
    The Services view is displayed.
  2. In Services view, select an ESA service. 
  3. In the Actions column, select View > Config.
  4. Select the Advanced tab.
    The Advanced view is displayed.

Configure Alert Engine Settings

In the Alert Engine section, you specify values to preserve events for rules that choose multiple events.

Note: After you upgrade to 10.5, the Debug Rules option if enabled previously will be disabled. You will need to enable this option after upgrade. 

The following figure shows the Alert Engine section.

To configure Alert Engine settings:

  1. In the Alert Engine section, specify a value for Max Constituent Events. The default value is 100.
  2. If you want alerts to be sent to Message Bus and Incident Management, select the Forward Alerts On Message Bus option.
  3. Select Debug Rules? to enable debugging rules.
  4. Click Apply to save the changes and put them into effect immediately.

Note: For more information on the parameters in the Alert Engine section, see Alert Engine Settings in ESA Advanced View.

Configure Event Stream Engine Settings

In the Event Stream Engine section, you specify details to improve performance.

The following figure shows the Event Stream Engine section.

To configure Event Stream Engine settings:

  1. In the Event Stream Engine section, specify Max Pattern Subexpressions.
  2. Click Apply to save the changes and put them into effect immediately.

Note: For more information on the parameters in the Event Stream Engine section, see Event Stream Engine Settings in ESA Advanced View.

You are here
Table of Contents > Configure ESA > Step 3. Configure Advanced Settings for an ESA Service

Attachments

    Outcomes