Alerting: Step 3. Add and Deploy Rules

Document created by RSA Information Design and Development on Mar 23, 2017. Last modified by RSA Information Design and Development on Apr 26, 2017.
Version 4

This topic explains how to add ESA rules to a deployment and then deploy the rules on ESA. Each ESA rule has unique criteria. The ESA rules in a deployment determine which events ESA captures, which in turn determine the alerts you receive.

For example, Deployment A includes ESA Paris and, among others, a rule to detect file transfer using a non-standard port. When ESA Paris detects a file transfer that matches the rule criteria, it captures the event and generates an alert for it. If you remove this rule from Deployment A, ESA will no longer generate an alert for such an occurrence.

Procedure

To add and deploy rules:

  1. In the Security Analytics menu, select Alerts > Configure.
    The Rules tab is displayed.
  2. In the options panel, select a deployment.
  3. In the Deployment view, click  in ESA Rules.
    The Deploy ESA Rules dialog is displayed and shows each rule in your Rule Library.
  4. Select rules and click Save.
    The Deployment view is displayed.
  5. The rules are listed in the ESA Rules section.
    • In the Status column, Added is next to each new rule.
    • In the Deployments section,  indicates there are updates to the deployment.
    • The total number of rules in the deployment is on the right.
  6. Click Deploy Now.
    The ESA service runs the rule set.