ESM: Manage Event Source Tab

Document created by RSA Information Design and Development on Mar 22, 2017
Version 1Show Document
  • View in full screen mode
  

You use the Manage Event Source screen to perform the following tasks:

  • Show Event Source Details
  • Add attribute values to an event source
  • Remove attribute values for an event source

To view the Manage Event Source screen for an event source:

  1. In the Security Analytics menu, select Administration > Event Sources.
  2. Select the Manage tab.
  3. From the Event Sources pane, select an event source from the list and click + click + or 104ApplEdit.png.
    This is an example of the New Event Source tab:
    esm_newEStab.png

Procedures related to this tab are described in Create an Event Source and Edit Attributes.

Features

The settings in the Manage Event Source tab are a combination of auto-populated and user-entered information. When an event source sends log information to Security Analytics, it is added to the list of event sources, and some basic information is auto-populated. At any time after that, users can add or edit details for other event source attributes.

This figure shows an example of the Identification, Properties, and Importance sections.

ESM_details01.png

This figure shows an example of the Zone, Location, and Organization sections.

Categories

This table describes the event source attribute categories.

                                                     
Attribute SectionDescription
Identification

These attributes are the main attributes that collectively identify an event source.

The following attributes are auto-populated, and cannot be changed while on this screen:

  • IP address
  • IPv6 value
  • Hostname
  • Event Source Type

These attributes can be modified:

  • Log Collector
  • Log Decoder
Properties

These attributes provide the name and description.

  • Name
  • DNS Hostname
  • Description
Importance

These attributes can be used for grouping by priority.

  • Priority
  • Criticality
  • Compliance
Zone

These attributes can be used for grouping by zone.

  • WAN (Wide Area Network)
  • LAN (Local Area Network)
  • Security
  • Operational
Location

These attributes can be used to group by the physical or geographical location.

  • Country
  • State
  • County
  • Province
  • City
  • Campus
  • Postal Code
  • Building
  • Floor
  • Room
Organization

These attributes can be used to group by organization, and also to provide contact information.

  • Company
  • Division
  • Business Unit
  • Department
  • Group
  • Contact
  • Contact Phone
  • Contact Email
Owner

These attributes specify those responsible for the event source.

  • Manager
  • Primary Administrator
  • Backup Administrator
Physical

These attributes specify the physical properties for the event source.

  • Vendor
  • Serial Number
  • Asset Tag
  • Voltage
  • UPS Protected
  • Rack Height
  • Depth
  • BTU Output
  • Color
Function

These attributes can be used to group by function.

  • Primary Role
  • Sub Role 1
  • Sub Role 2
System Information

These attributes specify system information.

  • Domain Name
  • System Name
  • Identifier
  • System Description 
CustomThis section provides eight custom attributes, for any other attributes that your organization might need.
Previous Topic:Settings Tab
Next Topic:Troubleshooting
You are here
Table of Contents > Reference > Manage Event Source Tab

Attachments

    Outcomes