Alerting: Step 2. Add an ESA Service

Document created by RSA Information Design and Development Employee on Jun 26, 2017Last modified by RSA Information Design and Development Employee on Sep 14, 2017
Version 2Show Document
  • View in full screen mode

The ESA service in a deployment gathers data in your network and runs ESA rules against the data. The goal is to capture events that match rule criteria, then generate an alert for the captured event.

You can add the same ESA to multiple deployments. For example, ESA London could be in the these deployments simultaneously:

  • Deployment EUR, which includes one set of ESA rules
  • Deployment CORP, which includes another set of ESA rules

When you remove an ESA from a deployment, the rules are also removed from the ESA. For example, Deployment EUR could include ESA London and a set of 25 rules. If you remove ESA London from Deployment EUR, the 25 rules are also removed from ESA London. Consequently, if an ESA is not part of any deployment the ESA does not have any rules.


To add an ESA service:

  1. In the Security Analytics menu, select Alerts > Configure.
    The Rules tab is displayed.
  2. In the options panel, select a deployment:
  3. In the Deployment view, click Add icon in ESA Services.
    The Deploy ESA Services dialog lists each configured ESA.
  4. Select an ESA and click Save.
    The Deployment view is displayed. The ESA is listed in the ESA Services section, with the status Added.
You are here
Table of Contents > Deploy Rules to Run on ESA > Required Procedures > Step 2. Add an ESA Service