This topic explains how to add a deployment, which includes an ESA service and a set of ESA rules.
You add a deployment to organize and manage ESA services and rules. Think of the deployment as a container for both components:
- An ESA service
- A set of ESA rules
For example, if you add a Spam Activity deployment it could include ESA London and a set of ESA rules to detect suspicious email activity.
- The ESA service must be configured on the host. See Configure Event Stream Analysis (ESA) in the Event Stream Analysis (ESA) Configuration Guide.
- Rules must be in the Rule Library. See Add Rules to the Rule Library.
To add a deployment:
- In the Security Analytics menu, select Alerts > Configure.
The Rules tab is displayed.
- In the options panel, next to Deployments, select > Add.
The Deployment view is displayed on the right.
- Type a name for the deployment. The naming convention is up to you.
For example, it could indicate the purpose or identify an owner.
- Press Enter.
The deployment is added.