This topic is an overview of the Reporting Engine that supports the definition and generation of reports and alerts.
A Reporting Engine supports the definition and generation of reports and alerts that you maintain in the RSA Security Analytics Reporting and Alerting module views and dashlets. A Reporting Engine:
- Facilitates the delivery of selected data to the Reporting and Alerting module views (NetWitness meta and IPDB event data).
- Stores rules definitions that govern how the data is represented in reports and alerts.
- Manages the alert queue by allowing you to enable and disable alerts.
A Reporting Engine runs reports and alerts based on the data drawn from a data source so you must associate a data source, or multiple data sources, to a Reporting Engine. There are three types of data sources:
- IPDB Data Sources - The Internet Protocol Database (IPDB) data source contains both normalized and raw event messages. It stores all collected messages in a file system organized by event source (device), IP address, and time (year/month/day) with index files to facilitate searches (report and queries).
- NWDB Data Sources - The NetWitness Database (NWDB) data sources are Decoders, Log Decoders, Brokers, Concentrators, Archiver, and Collection.
- Warehouse Data Sources - The Warehouse data sources are Pivotal and MapR.