ESM: Edit or Delete Event Source Groups

Document created by RSA Information Design and Development on Mar 22, 2017
Version 1Show Document
  • View in full screen mode
  

You may occasionally need to remove an event source group. For example, if you close an office, and you had a group consisting of all the event sources in that office, you can remove the group, since none of those event sources will send information to Security Analytics.

Similarly, you may need to change some of the conditions that are used to populate the group.

Note: You cannot edit the event source group name. Once you create a group, that name exists as long as the group itself exists.

Edit an Event Source Group

  1. In the Security Analytics menu, select Administration > Event Sources.
  2. In the Manage panel, select an existing Event Source Group.
  3. Click IconEditDevice.png.

    The Edit Event Group dialog is displayed.

  4. Modify any of the details, or add, edit or remove conditions as necessary.
  5. Click Save.

Delete an Event Source Group

Note the following:

  • You can delete any group except for the All group, which lists all configured event sources in the system.
  • If you delete a group, the associated policy for that group also gets deleted automatically.
  • If there are any event sources that belong only to the deleted group, they would no longer have a policy alarm associated with them. Remember that event sources can belong to multiple groups.
  • Deleting a group has no effect on baseline alarms.

To delete an event source group:

  1. In the Security Analytics menu, select Administration > Event Sources.
  2. In the Manage panel, select an existing Event Source Group.
  3. Click IconDeleteDevice.png.

    A confirmation dialog is displayed.

  4. Click Yes to delete the group.
You are here
Table of Contents > Manage Event Source Groups > Edit or Delete Event Source Groups

Attachments

    Outcomes