Before you can deploy Security Analytics in Azure you need to:
- Understand the requirements of your enterprise.
- Know the scope of a Security Analytics deployment.
When you are ready to begin deployment:
- Make sure that you have a Security Analytics"Throughput" license.
- Use Chrome for your browser (Internet Explorer is not supported).
Azure Environment Recommendations
Azure instances have the same functionality as the Security Analytics hardware hosts. RSA recommends that you perform the following tasks when you set up your Azure environment.
- Based on the resource requirements of the different components, follow best practices to use the system and dedicated storage appropriately.
- Build Concentrator directory for index database on SSD.
The following diagrams illustrate some common Azure deployment scenarios. In the diagrams, the:
- Log Decoder receives logs collected by the Log Collector. The Log Collector collects log events from hundreds of devices and event sources.
Concentrator indexes metadata extracted from network or log data and makes it available for enterprise-wide querying and real-time analytics while facilitating reporting and alerting.
- Security Analytics Server hosts Incident Management, Reporting, Investigation, Live Content Management, Administration and other aspects of the user interface.
Full Security Analytics Stack Azure Visibility
This diagram shows all Security Analytics components (full stack) deployed in Azure.
Hybrid Deployment - Log Decoder
This diagram shows the Log Decoder and Archiver deployed in Azure with all other Security Analytics components deployed on your premises.
RSA provides the following Security Analytics services.
- Security Analytics Server
- Event Stream Analysis
- Log Decoder
- Remote Log Collector