Alerting: Step 1: Add a Deployment

Document created by RSA Information Design and Development on Jul 26, 2016Last modified by RSA Information Design and Development on Jul 26, 2016
Version 2Show Document
  • View in full screen mode

This topic explains how to add a deployment, which includes an ESA service and a set of ESA rules.

You add a deployment to organize and manage ESA services and rules. Think of the deployment as a container for both components:

  1. An ESA service
  2. A set of ESA rules

For example, if you add a Spam Activity deployment it could include ESA London and a set of ESA rules to detect suspicious email activity.


  • The ESA service must be configured on the host. See Configure Event Stream Analysis (ESA) in the Event Stream Analysis (ESA) Configuration Guide.
  • Rules must be in the Rule Library. See Add Rules to the Rule Library.


To add a deployment:

  1. In the Security Analytics menu, select Alerts > Configure.
    The Rules tab is displayed.
  2. In the options panel, next to Deployments, select add_deplyment.png > Add.
    The Deployment view is displayed on the right.
  3. Type a name for the deployment. The naming convention is up to you.
    For example, it could indicate the purpose or identify an owner.
  4. Press Enter.
    The deployment is added.
You are here: Deploy Rules to Run on ESA > Required Procedures > Step 1: Add a Deployment