This topic provides high-level tasks to configure the Security Analytics Event Stream Analysis.
Make sure that you:
- Install the Event Stream Analysis service in your network environment.
- Install and configure one or more Concentrators in your network environment.
Note: You can configure ESA using an SSL port (50030) only. There is no option to configure a Non-SSL port.
To configure Event Stream Analysis:
| ||Refer to "Step 1 : Add or Update a Host" in the "Host and Services Getting Started Guide". Refer to Step 1. Add Event Stream Analysis Service.|
| ||Refer to "View Current Entitlements" in the "Licensing Guide."|
| ||Refer to Step 2. Add a Data Source to an ESA Service|
| ||Refer to "Notification Methods" in the "Alerting Using ESA Guide."|
| ||Refer to "Live Search View" in the "Live Resource Managment Guide".|
| ||Refer to Step 3. Configure Advanced Settings for an ESA Service.|
| ||Refer to "Step 1. Add the Context Hub Service" in the "Context Hub Configuration Guide".|
| ||Refer to Step 4. Configure an ESA to Connect to the Context Hub on Another ESA.|
The Event Stream Analysis service is configured and you can now add ESA Rules for event processing and alerting. For information on adding ESA Rules, see "Add Rules to the Rule Library" in the "Alerting Using ESA Guide."