This topic provides high-level tasks to configure the Security Analytics Event Stream Analysis.
Make sure that you:
- Install the Event Stream Analysis service in your network environment.
- Install and configure one or more Concentrators in your network environment.
Note: You can configure ESA using an SSL port (50030) only. There is no option to configure a Non-SSL port.
To configure Event Stream Analysis:
|Refer to Step 1 : Add or Update a Host in the Getting Started Guide. Refer to Step 1: Add Event Stream Analysis Service|
|Refer to View Current Entitlements in the Licensing Guide.|
|Refer to Step 2: Add a Data Source to an ESA Service|
|Refer to Notification Methods in the Alerting Using ESA Guide.|
|Refer to Live Search View in the Live Resource Management Guide.|
|Refer to Step 3. Configure Advanced Settings for an ESA Service.|
The Event Stream Analysis service is configured and you can now add ESA Rules for event processing and alerting. For information on adding ESA Rules, see Add Rules to the Rule Library in the Alerting Using ESA Guide.