|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Event Stream Analysis (ESA), Reporting Engine, Security Analytics UI
RSA Version/Condition: 10.4.1.0
O/S Version: EL6
The user wants to get information about blacklisted IP addresses in order to have a list of those IP addresses in the Reporting Engine.
The user then wants to get ESA alerts based on events matching this blacklisted IP list.
ESA rules only work with meta, so as a workaround it is possible to use the In-Memory Enrichment feature in ESA to refer to this blacklisted IP list from the ESA module.
To do this, the steps below must be followed.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
|Notes||For more information on the In-Memory Enrichment Table, refer to the Security Analytics User Guide.|