The Reporting Engine supports the definition and generation of reports and alerts that you maintain in the RSA Security Analytics Reporting and Alerting module views and dashlets. A Reporting Engine:
- Facilitates the delivery of selected data to the Reporting and Alerting module views (NetWitness meta data and IPDB event data).
- Stores rules definitions that govern how the data is represented in reports and alerts.
Manages the alert queue by allowing you to enable and disable alerts.
A Reporting Engine runs reports and alerts based on the data drawn from a data source so you must associate a data source, or multiple data sources, to a Reporting Engine. There are three types of data sources:
- IPDB Data Sources - The Internet Protocol Database (IPDB) data source contains both normalized and raw event messages. It stores all collected messages in a file system organized by event source (device), IP address, and time (year/month/day) with index files to facilitate searches (report and queries).
- NWDB Data Sources - The NetWitness Database (NWDB) data sources are Decoders, Log Decoders, Brokers, Concentrators, Archiver, and Collection.
- Warehouse Data Sources - The Warehouse data sources are Pivotal and MapR.
The following checklist points to the tasks that are required to configure a Reporting Engine and configure a data source so that you can use it with Reporting Engine. The tasks are listed in the order in which you must perform them.
You must ensure that the data sources are deployed and configured in Security Analytics. See Step 2 Add a Service to a Host.
|1||Step 1. Add a Reporting Engine to your Security Analytics deployment.|
|2||Step 2. Configure Reporting Engine Settings|
|3||Step 3. Configure Reporting Engine Data Sources and Configure Data Source Permissions.|
|4||Step 4. Configure Output Actions.|
With the basic configuration, you can perform these additional tasks as needed:
- Check Live for the latest data source content and deploy it on a regular basis. (see Step 4 Manage Live Resources topic in the in Live Service Management Guide).
(Optional) Add Additional Space for Large Reports.
- Step 1. Add a Reporting Engine
- Step 2. Configure Reporting Engine Settings
- Step 5. Configure Task Scheduler for a Reporting Engine
- Step 4. Configure Output Actions