Reporting: Rule Types

Document created by RSA Information Design and Development on Nov 23, 2016Last modified by RSA Information Design and Development on Feb 10, 2017
Version 5Show Document
  • View in full screen mode
  

This topic describes the different rule types in the Reporting module. Rule types designate the source of data for the report rule. Following are the rule types:

              
Rule TypeDescription
NetWitness Database (NetWitness DB)The NetWitness database extracts the meta from a Reporting Engine configured to use a Concentrator, Broker and Archiver as the data sources and provides the meta for rules.
Internet Protocol Database (IPDB)The Internet Protocol Database (IPDB) provides normalized and raw event messages that can cover significant historical time periods. You need to configure the IPDB Extractor service and associate it with a Reporting Engine as described in the Reporting Engine Configuration Checklist. You can have a number of IPDB deployments including a multi-site IPDB deployment. The IPDB Extractor can also be deployed on virtual environments.
For more information, see Supported IPDB Extractor Service Deployments on Virtual Environments.
Warehouse Database (Warehouse DB)The Warehouse database, also referred to as the RSA Analytics Warehouse, warehouses large volumes of data. The Warehouse is designed so that you can retrieve large volumes of data easily and efficiently. The Warehouse also extracts the meta from the Reporting Engine.
Incident Management Database (IMDB)The Incident Management database reports on alerts and incidents. You can create a report on alerts and incidents generated from Event Stream Analysis, Reporting Engine, Malware Analysis etc.

Topics

Supported IPDB Extractor Service Deployments on Virtual Environments

Previous Topic:IMDB Rule Syntax
You are here
Table of Contents > Working with Reporting Rules > Rule Overview > Rule Types

Attachments

    Outcomes