This topic provides an overview of the Alerts > Configure > Services tab.
The Services tab has the following sections:
- ESA Services panel
- General Stats panel
- Deployed Rule Stats panel
ESA Services Panel
The ESA Services panel lists the name of each ESA service added to Security Analytics.
General Stats Panel
The General Stats panel provides information on the Esper engine, rules and alerts.
The General Stats panel contains the following sections:
- Engine Stats
- Rule Stats
- Alert Stats
If you Enable Cross-Site Correlation, the General Stats panel includes a tab for each Esper engine that processes events:
The table lists and describes the parameters in each section.
|Engine Stats||Esper Version||Esper version running on the ESA service|
|Time||Time when the last event was sent to Esper Engine|
|Events Offered||Number of events analyzed by the ESA service since the last service start|
|Offered Rate||Current events offered rate on the ESA service|
|Rule Stats||Rules Enabled||Number of rules enabled.|
|Rules Disabled||Number of the rules disabled|
|Events Matched||Total number of events matched to all rules on the ESA service|
|Alert Stats||Number of email notifications sent by the ESA service|
|SNMP||Number of SNMP notifications sent by the ESA service|
|Syslog||Number of Syslog notifications sent by the ESA service|
|Script||Number of Script notifications sent by the ESA service|
|Storage||Total number of alerts stored in database|
|Message Bus||Total number of alerts sent to the message bus|
The table describes additional tabs that are displayed when cross-site correlation is enabled.
|Cross-Site Correlation Tab||Description|
|Local ESA||Stats for local ESA services that forward events for processing to the global, or central, ESA|
|Global ESA||Stats for the global, or central, ESA that receives forwarded events from local ESA services, applies rule criteria and generates alerts|
Deployed Rule Stats Panel
The Deployed Rule Stats panel provides details on the rules that are deployed on the ESA service.
If you Enable Cross-Site Correlation, the Deployed Rule Stats panel list the rules on each Esper engine:
- Local ESA deploys forwarding rules only to send events that have the potential to trigger an alert to the central ESA.
- Global ESA deploys all rules to run against data, which includes events forwarded from each local ESA.
The table lists the various parameters in the view and their description.