Reporting Engine: Overview

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

This topic is an overview of the Reporting Engine that supports the definition and generation of reports and alerts.

A Reporting Engine supports the definition and generation of reports and alerts that you maintain in the RSA Security Analytics Reporting and Alerting module views and dashlets. A Reporting Engine:

  • Facilitates the delivery of selected data to the Reporting and Alerting module views (NetWitness meta and IPDB event data).
  • Stores rules definitions that govern how the data is represented in reports and alerts.
  • Manages the alert queue by allowing you to enable and disable alerts.

A Reporting Engine runs reports and alerts based on data drawn from a data source, so you must associate one or more data sources with a Reporting Engine. There are three types of data sources:

  • IPDB Data Sources - The Internet Protocol Database (IPDB) data source contains both normalized and raw event messages. It stores all collected messages in a file system organized by event source (device), IP address, and time (year/month/day), with index files to facilitate searches (reports and queries).
  • NWDB Data Sources - The NetWitness Database (NWDB) data sources are Decoders, Log Decoders, Brokers, Concentrators, Archiver, and Collection.
  • Warehouse Data Sources - The Warehouse data sources are Pivotal and MapR.