Configure Event Stream Analysis (ESA)

Document created by RSA Information Design and Development on Nov 24, 2016Last modified by RSA Information Design and Development on Feb 9, 2017
Version 2Show Document
  • View in full screen mode
  

This topic provides high-level tasks to configure the Security Analytics Event Stream Analysis.

Prerequisites

Make sure that you:

  • Install the Event Stream Analysis service in your network environment.
  • Install and configure one or more Concentrators in your network environment.

Procedure

Note: You can configure ESA using an SSL port (50030) only. There is no option to configure a Non-SSL port.

To configure Event Stream Analysis:

                                         
TasksReference
  1. You can discover, update or add the host on which the ESA service is installed. (Optional) If ESA is not set up, you need to add Event Stream Analysis as a core service and add the Event Stream Analysis service to the host.
Refer to "Step 1 : Add or Update a Host" in the "Host and Services Getting Started Guide". Refer to Step 1. Add Event Stream Analysis Service.
  1. Apply license to the Event Stream Analysis service. 
Refer to "View Current Entitlements" in the "Licensing Guide."
  1. Add the Concentrator as data source to the Event Stream Analysis service. 
Refer to Step 2. Add a Data Source to an ESA Service
  1. Configure notifications for Event Stream Analysis service.
Refer to "Notification Methods" in the "Alerting Using ESA Guide."
  1. Download Event Stream Analysis content using Live.
Refer to "Live Search View" in the "Live Resource Managment Guide".
  1. (Optional) Advanced configuration for Event Stream Analysis service.
Refer to Step 3. Configure Advanced Settings for an ESA Service.
  1. (Optional) Enable Context Hub.
Refer to "Step 1. Add the Context Hub Service" in the "Context Hub Configuration Guide".
  1. (Optional) Configure ESA to connect to the Context Hub on another ESA. 
Refer to  Step 4. Configure an ESA to Connect to the Context Hub on Another ESA.

Result

The Event Stream Analysis service is configured and you can now add ESA Rules for event processing and alerting. For information on adding ESA Rules, see "Add Rules to the Rule Library" in the "Alerting Using ESA Guide."

You are here
Table of Contents > Configure ESA

Attachments

    Outcomes