The Security Analytics Event Stream Analysis (ESA) service runs rules that specify criteria for problem behavior or threatening events in your network. When ESA detects an incident that matches rule criteria, it generates an alert.
To generate alerts, ESA performs the following functions:
- Gathers data
- Runs ESA rules against the data
- Captures events that meet rule criteria
- Generates alerts for those captured event
You use the Alerts module to gain visibility into your network and to detect problems in it.