Alerting: How ESA Generates Alerts

Document created by RSA Information Design and Development on Jul 26, 2016. Last modified by RSA Information Design and Development on Jul 26, 2016.
Version 2
 

The Security Analytics Event Stream Analysis (ESA) service runs rules that specify criteria for problem behavior or threatening events in your network. When ESA detects an incident that matches rule criteria, it generates an alert.

To generate alerts, ESA performs the following functions:

  1. Gathers data
  2. Runs ESA rules against the data
  3. Captures events that meet rule criteria
  4. Generates alerts for those captured events

You use the Alerts module to gain visibility into your network and to detect problems in it.
