Alerting: Customize an RSA Live ESA Rule

Document created by RSA Information Design and Development on Jun 26, 2017. Last modified by RSA Information Design and Development on Sep 14, 2017.
Version 2

This topic explains how to configure parameters in an RSA Live ESA rule. When you download an RSA Live ESA rule, the rule appears in the Rule Library, which includes the following columns:

  • Name
  • Description
  • Trial Rule
  • Type

The type is RSA Live ESA Rule.

Prerequisites

  • Administrator, Operator, SOC Manager or DPO role permissions are required.
  • Rules must be downloaded to the Rule Library.

Procedure

To customize an RSA Live ESA rule:

  1. In the Security Analytics menu, select Alerts > Configure > Rule.
  2. In the Rule Library, select an RSA Live ESA Rule and click the Edit icon.
    The RSA Live ESA Rule tab is displayed.
  3. (Optional) Change the following fields:
      • Rule Name
      • Description
      • Trial Rule (Enabled by default. RSA recommends you run a rule as a trial rule long enough to assess the performance during normal and peak network traffic.)
      • Severity
  4. To configure the rule for your environment, in the Parameters section, replace the default in the Value column.
  5. Click Save.