This topic explains what a deployment is and how it generates alerts in ESA. The workflow is illustrated in a graphic.
A deployment consists of an ESA service and a set of ESA rules. When you deploy rules, the ESA service runs them to detect suspicious or undesirable activity in your network. Each ESA rule detects a different event, such as when a user account is created and deleted within one hour.
The ESA service performs the following functions:
- Gathers data in your network
- Runs ESA rules against the data
- Applies rule criteria to data
- Generates an alert for the captured event
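The account example above (created and deleted within one hour) can be sketched as correlation logic over a stream of events. This is an added illustration in Python, not ESA rule syntax or product code; the event field names, the rule name and the sample events are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # rule criterion: create and delete within one hour

# Constructed sample events (not real logs); field names are assumptions.
EVENTS = [
    {"time": "2024-05-01T09:00:00", "action": "account_created", "user": "tmpadmin"},
    {"time": "2024-05-01T09:05:00", "action": "account_created", "user": "jsmith"},
    {"time": "2024-05-01T09:40:00", "action": "account_deleted", "user": "tmpadmin"},
    {"time": "2024-05-01T11:30:00", "action": "account_deleted", "user": "jsmith"},
    {"time": "2024-05-01T12:00:00", "action": "account_deleted", "user": "olduser"},
]


def detect_create_delete(events, window=WINDOW):
    """Return one alert per account created and then deleted within `window`."""
    created = {}  # user -> creation time still waiting for a matching delete
    alerts = []
    # Process in time order; ISO 8601 strings of equal format sort correctly.
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        if ev["action"] == "account_created":
            created[user] = ts
        elif ev["action"] == "account_deleted":
            start = created.pop(user, None)
            # A delete with no observed create, or one outside the window,
            # does not meet the rule criteria and produces no alert.
            if start is not None and ts - start <= window:
                alerts.append({
                    "rule": "create_then_delete",  # hypothetical rule name
                    "user": user,
                    "created": start.isoformat(),
                    "deleted": ts.isoformat(),
                    "lifetime_s": int((ts - start).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_create_delete(EVENTS):
        print(alert)
```
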
The following sections describe how to create a deployment and add an ESA service and a set of rules to it.