Alerting: Step 1: Add a Deployment

Document created by RSA Information Design and Development on Jul 26, 2016. Last modified by RSA Information Design and Development on Jul 26, 2016.
Version 2

This topic explains how to add a deployment, which includes an ESA service and a set of ESA rules.

You add a deployment to organize and manage ESA services and rules. Think of the deployment as a container for both components:

  1. An ESA service
  2. A set of ESA rules

For example, if you add a Spam Activity deployment, it could include the ESA London service and a set of ESA rules to detect suspicious email activity.

Prerequisites

  • The ESA service must be configured on the host. See Configure Event Stream Analysis (ESA) in the Event Stream Analysis (ESA) Configuration Guide.
  • Rules must be in the Rule Library. See Add Rules to the Rule Library.

Procedure

To add a deployment:

  1. In the Security Analytics menu, select Alerts > Configure.
    The Rules tab is displayed.
  2. In the options panel, next to Deployments, select the icon (add_deplyment.png) > Add.
    The Deployment view is displayed on the right.
  3. Type a name for the deployment. The naming convention is up to you.
    For example, it could indicate the purpose or identify an owner.
  4. Press Enter.
    The deployment is added.