This topic introduces the services configuration parameters available in the Sources tab of the Services Config view for the Reporting Engine. The Sources tab for the Reporting Engine service in the Services Config view controls that data sources associated with a Reporting Engine. The Source tab consists of a single panel with a toolbar and a grid that lists the data sources associated with the Reporting Engine.
All procedures associated with this tab are available in Configure Reporting Engine or Additional Procedures for Configuring the Reporting Engine.
About the Data Sources
The data sources available to the Reporting Engine for which you are defining reports and defining alerts are:
- IPDB Data Sources - The Internet Protocol Database (IPDB) data source contains both normalized and raw event messages. It stores all collected messages in a file system organized by event source (service), IP address, and time (year/month/day) with index files to facilitate searches (report and queries).
NWDB Data Sources - The NetWitness Database (NWDB) data sources are Decoders, Log Decoders, Brokers, Concentrators, Archiver, and Collection.
Note: When a data privacy plan has been implemented to limit access to sensitive data on a data source, you must configure different service accounts in Reporting Engine for privileged and non-privileged users. To configure different service accounts for data privacy, you can add more than one NWDB data source. This procedure is available under Additional Procedures for Configuring the Reporting Engine.
- Warehouse Data Sources - The Warehouse data sources are Pivotal and MapR.
- IMDB Data Source - The Incident Management Data Base data sources are Reporting Engine, ESA, Malware, ECAT, and Web Threat Detection. IMDB is used to store the alerts and incidents reports.
If you set a source as the default data source, Security Analytics uses that source when you create reports and alerts unless you choose to override it with one of the other sources listed in this tab.
Note: You can manage access control to NWDB and Warehouse Data Sources. For more information, see Additional Procedures for Configuring the Reporting Engine.
To access this view:
- In the Security Analytics menu, select Administration > Services.
- In the Services Grid, select a Reporting Engine service.
- Click > View > Config.
Select the Sources tab.
The Service Config View is displayed with the Reporting Engine Sources tab open.
You can perform the following actions on the Sources tab:
|Adds new services as data sources for Reporting Engine. To add a Warehouse as a data source, see Add Warehouse as a Data Source to Reporting Engine. Add existing services ((Optional) Add Archiver as Data Source to Reporting Engine, (Optional) Add Workbench as Data Source to Reporting Engine, (Optional) Add Collection as Data Source to Reporting Engine) as data sources for Reporting Engine.|
|Removes data sources from a Reporting Engine.|
|Configures Data Source Permissions. This is enabled only for NWDB and Warehouse Data Sources. For more information, see Configure Data Source Permissions.|
|Sets the default data sources for a Reporting Engine. This is the source to which Security Analytics defaults in the Datasource field of the following views: |
The data sources are listed under the different categories as follows:
- IPDB Data Sources category : Security Analytics displays the IPDB Extractor service data sources.
- NWDB Data Sources category, Security Analytics displays the NetWitness data sources.
- Warehouse Data Sources category : Security Analytics displays the Warehouse data sources.