Use SA ESM database for enrichment with multi-indexed feed

Document created by Miha Mesojedec Employee on May 11, 2016
Version 1

RSA Security Analytics has a built-in Event Source Management (ESM) capability, which provides an easy way to manage event sources and configure alerting policies for them. More details about ESM:


Unfortunately, the ESM module has a limitation: it can't be used for reporting and RBAC.

The attached guide explains how you can use event source attributes as a multi-indexed feed and later use it for reporting and RBAC.

Using the local assets database on the SA server is also useful when the customer doesn't have SecOps or when you are selling SA to an SMB customer.

Below is an example of a dashboard and an investigation based on asset information.



