ESA Config: Step 2. Add a Data Source to an ESA Service

Document created by RSA Information Design and Development on Mar 23, 2017Last modified by RSA Information Design and Development on Apr 14, 2017
Version 3Show Document
  • View in full screen mode
  

This topic describes how to add a new or existing data source to the Event Stream Analysis service.

An ESA service ingests data from a Concentrator to detect incidents and alert the user. For ESA to analyze data, you need to configure the sources from which the ESA will read data. Use the procedures in this topic to add data sources for your ESA.

Prerequisites

You must have one or more Concentrators configured in Security Analytics.

You must perform the following steps to add a data source:

  • Add an Available Data Source
  • Specify username and password for the Data Source 

Procedures

Add Existing Services as Data Source

  1. In the Security Analytics menu, select Administration > Services.
    The Services view is displayed.
  2. In Services view, select an ESA service. 
  3. In the Actions column, select View > Config.
  4. In the Data Sources tab, click .
    The available services are displayed as shown in the following figure.
  5. Select one or more services and click OK.
    The service is added to the list of services in the DataSources tab.
  6. (Optional) Click Enable to enable the data source.
  7. Click Apply to save the configuration.

Specify Username and Password for the Data Source

Note: You can add a Log Decoder as a data source for ESA but RSA recommends you add a Concentrator to take advantage of undivided aggregation as the Decoder may have other processes aggregating from it. 

To specify the username and password for the data source:

  1. In the Security Analytics menu, select Administration > Services.
    The Services view is displayed.
  2. In the Services view, select a Concentrator service. 
  3. Click  .
  4. Specify the username and password.
  5. Click Save.
You are here
Table of Contents > Configure ESA > Step 2. Add a Data Source to an ESA Service

Attachments

    Outcomes