Reporting Engine: Sources Tab

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

The Sources tab for the Reporting Engine service in the Services Config view controls that data sources associated with a Reporting Engine. The Source tab consists of a single panel with a toolbar and a grid that lists the data sources associated with the Reporting Engine.

All procedures associated with this tab are available in Configure Reporting Engine or Reporting Engine Additional Procedures.

The data sources available to the Reporting Engine for which you are defining reports and defining alerts are:

  • IPDB Data Sources - The Internet Protocol Database (IPDB) data source contains both normalized and raw event messages. It stores all collected messages in a file system organized by event source (service), IP address, and time (year/month/day) with index files to facilitate searches (report and queries).
  • NWDB Data Sources - The NetWitness Database (NWDB) data sources are Decoders, Log Decoders, Brokers, Concentrators, Archiver, and Collection.

class="note" style="margin-left: 40px;" MadCap:autonum="<b>Note: </b>">When a data privacy plan has been implemented to limit access to sensitive data on a data source, you must configure different service accounts in Reporting Engine for privileged and non-privileged users. To configure different service accounts for data privacy, you can add more than one NWDB data source. This procedure is available under Reporting Engine Additional Procedures.

  • Warehouse Data Sources - The Warehouse data sources are Pivotal and MapR.

If you set a source as the default data source, Security Analytics uses that source when you create reports and alerts unless you choose to override it with one of the other sources listed in this tab.

class="note" MadCap:autonum="<b>Note: </b>">You can manage access control to NWDB and Warehouse Data Sources. For more information, see Reporting Engine Additional Procedures.

To access this view:

  1. In the Security Analytics menu, select Dashboard > Administration > Services.
  2. In the Services Grid, select a Reporting Engine service.
  3. Clicksettings.png >View > Config.
  4. Select the Sources tab.
    The Service Config View is displayed with the Reporting Engine Sources tab open.

105_sources_ tab.png

Features

You can perform the following actions on the Sources tab:

                           
IconActions
Adds new services as data sources for Reporting Engine. To add a Warehouse as a data source, see Add Warehouse as a Data Source to Reporting Engine. Add existing services ((Optional) Add Archiver as Data Source to Reporting Engine, (Optional) Add Workbench as Data Source to Reporting Engine, (Optional) Add Collection as Data Source to Reporting Engine) as data sources for Reporting Engine.
Removes data sources from a Reporting Engine.
data_src_per.png Configures Data Source Permissions. This is enabled only for NWDB and Warehouse Data Sources. For more information, see Configure Data Source Permissions.
setAsDfltSrce.PNG Sets the default data sources for a Reporting Engine. This is the source to which Security Analytics defaults in the Datasource field of the following views:
  • Rule Definition view.
  • Create/Modify Alert view.

Data Sources

The data sources are listed under the different categories as follows:

  • IPDB Data Sources category : Security Analytics displays the IPDB Extractor service data sources.
  • NWDB Data Sources category, Security Analytics displays the NetWitness data sources.
  • Warehouse Data Sources category : Security Analytics displays the Warehouse data sources. 
   class="TableStyle-table-Column-Regular"   class="TableStyle-table-Column-Regular"                    
ColumnDescription
Checkbox.pngClicking the check box selects the data source. After you select it, you can use toolbar to remove the source or set the source as the default.
NameDisplays the name of the data source.
AddressDisplays the IP Address of the data source.
PortDisplays the port of the data source.
TypeDisplays the service type of the data source.
Thread CountDisplays the thread pool size used for executing rules on the data source.

For IPDB data source, this column is blank, instead the thread pool size is displayed in the General tab using the IPDB thread pool count parameter.
You are here: References > Reporting Engine Sources Tab

Attachments

    Outcomes