ESA Config: Step 1: Add Event Stream Analysis Service

Document created by RSA Information Design and Development on Jul 27, 2016Last modified by RSA Information Design and Development on Jul 27, 2016
Version 2Show Document
  • View in full screen mode
 

This topic provides information on how to add the Event Stream Analysis (ESA) service on a host.

Prerequisites

Ensure that you have installed an ESA service and added the host in Security Analytics. For more information, see Step 1: Add or Update a Host in the Getting Started Guide.

Procedure

To add the Event Stream Analysis service:

  1. In the Security Analytics menu, select Administration > Services.

    The services view is displayed.

  2. In the Services panel, select  > Event Stream Analysis.

    add_esa_service.png

    The Add Service dialog is displayed.

    AddSrvESA.png

  3. Provide the following details.

                                
    FieldDescription
    HostSelect the host on which you want to install the ESA service.
    NameType a name for the service.
    PortDefault port is 50030.

    Note: ESA can be configured using the SSL port 50030 only. You cannot configure a Non-SSL port.

    Entitle ServiceSelect if you want to apply the entitlements currently configured to this service.
  4. Click Test Connection to determine if Security Analytics connects to the service.

    Note:  While adding the service, Security Analytics sends ICMP packets to the service to verify if the hostname/IP address entered is valid for successful test connection.

  5. When the result is successful, click Save.

    The added service is now displayed in the Services panel.

Note: If the test is unsuccessful, edit the service information and retry.

You are here: Configure Event Stream Analysis (ESA) > Step 1: Add Event Stream Analysis Service

Attachments

    Outcomes