ESM: Manage Event Source Tab

Document created by RSA Information Design and Development on Jul 15, 2016Last modified by RSA Information Design and Development on Feb 27, 2017
Version 5Show Document
  • View in full screen mode

You use the Manage Event Source screen to perform the following tasks:

  • Show Event Source Details
  • Add attribute values to an event source
  • Remove attribute values for an event source

To view the Manage Event Source screen for an event source:

  1. In the Security Analytics menu, select Administration > Event Sources.
  2. Select the Manage tab.
  3. From the Event Sources pane, select an event source from the list and click + click + or 104ApplEdit.png.
    This is an example of the New Event Source tab:

Procedures related to this tab are described in Create an Event Source and Edit Attributes.


The settings in the Manage Event Source tab are a combination of auto-populated and user-entered information. When an event source sends log information to Security Analytics, it is added to the list of event sources, and some basic information is auto-populated. At any time after that, users can add or edit details for other event source attributes.

This figure shows an example of the Identification, Properties, and Importance sections.


This figure shows an example of the Zone, Location, and Organization sections.


This table describes the event source attribute categories.

Attribute SectionDescription

These attributes are the main attributes that collectively identify an event source.

The following attributes are auto-populated, and cannot be changed while on this screen:

  • IP address
  • IPv6 value
  • Hostname
  • Event Source Type

These attributes can be modified:

  • Log Collector
  • Log Decoder

These attributes provide the name and description.

  • Name
  • DNS Hostname
  • Description

These attributes can be used for grouping by priority.

  • Priority
  • Criticality
  • Compliance

These attributes can be used for grouping by zone.

  • WAN (Wide Area Network)
  • LAN (Local Area Network)
  • Security
  • Operational

These attributes can be used to group by the physical or geographical location.

  • Country
  • State
  • County
  • Province
  • City
  • Campus
  • Postal Code
  • Building
  • Floor
  • Room

These attributes can be used to group by organization, and also to provide contact information.

  • Company
  • Division
  • Business Unit
  • Department
  • Group
  • Contact
  • Contact Phone
  • Contact Email

These attributes specify those responsible for the event source.

  • Manager
  • Primary Administrator
  • Backup Administrator

These attributes specify the physical properties for the event source.

  • Vendor
  • Serial Number
  • Asset Tag
  • Voltage
  • UPS Protected
  • Rack Height
  • Depth
  • BTU Output
  • Color

These attributes can be used to group by function.

  • Primary Role
  • Sub Role 1
  • Sub Role 2
System Information

These attributes specify system information.

  • Domain Name
  • System Name
  • Identifier
  • System Description 
CustomThis section provides eight custom attributes, for any other attributes that your organization might need.
Previous Topic:Settings Tab
Next Topic:Troubleshooting
You are here
Table of Contents > Reference > Manage Event Source Tab