Alerting: How Deployment Works

Document created by RSA Information Design and Development on Jul 20, 2016Last modified by RSA Information Design and Development on Apr 26, 2017
Version 2Show Document
  • View in full screen mode
 

A deployment consists of an ESA service and a set of ESA rules. When you deploy rules, the ESA service runs them to detect suspicious or undesirable activity in your network. Each ESA rule detects a different event, such as when a user account is created and deleted within one hour.

The ESA service performs the following functions:

  1. Gathers data in your network
  2. Runs ESA rules against the data
  3. Applies rule criteria to data
  4. Generates an alert for the captured event

The following graphic shows this workflow:
deploy_1a.PNG
 

The following sections describe how to create a deployment and add an ESA service and set of rules to it.

You are here
Table of Contents > Alerting: How Deployment Works

Attachments

    Outcomes