ESM: Event Source Management Overview

Document created by RSA Information Design and Development on Jul 27, 2016
Version 1
 

The Event Source module in Security Analytics provides an easy way to manage event sources and configure alerting policies for your event sources.

Prerequisites

There are two permissions that affect Event Source Management:

  • View Event Sources is needed for users to view event sources, their attributes, and their thresholds and policies.
  • Modify Event Sources allows users to add, edit, and otherwise update event sources.

For details, see the following topics:

  • The Roles Tab topic in the System Security and User Management Guide describes how to use the Roles tab, available in the Administration > Security view.
  • The Role Permissions topic in the System Security and User Management Guide describes the built-in Security Analytics system roles, which control access to the user interface.
  • The Manage Users with Roles and Permissions topic in the System Security and User Management Guide describes how to manage users in Security Analytics, using roles and permissions.

Context

You can view the details about your existing event source groups by doing the following:

  1. In the Security Analytics menu, select Administration > Event Sources.

  2. Select either of the following:

    • The Manage tab. This tab provides the details for your existing event source groups.
    • The Monitoring Policies tab. Use this tab to view or edit your event source alerting configuration.

Note: When the system receives logs from an event source that does not currently exist in the Event Source List, Security Analytics automatically adds the event source to the list. Additionally, if it matches the criteria for any existing group, it becomes part of that group.
