ESM: Manage Event Source Tab

Document created by RSA Information Design and Development on Sep 6, 2017Last modified by RSA Information Design and Development on Oct 4, 2017
Version 8Show Document
  • View in full screen mode
  

The Manage Event Source screen has several integrated components that present different perspectives of an event source.

  • Show Event Source Details
  • Add attribute values to an event source
  • Remove attribute values for an event source

To view the Manage Event Source screen for an event source:

  1. Go to ADMIN> Event Sources.
  2. Select the Manage tab.
  3. From the Event Sources pane, select an event source from the list and click + .

Workflow

This workflow shows the end-to-process for modifying, acknowledging, mapping, and configuring event sources, along with viewing and configuring event source alarms and alerts.

What do you want to do?

                       
RoleI want to...Documentation
Administrator

Create an event source group that contains all the high priority event sources.

Creating Event Source Groups

Administrator

Edit event source attributes.

Creating an Event Source and Editing Attributes

Related Topics

Creating an Event Source and Editing Attributes

Creating Event Source Groups

Quick Look

This is an example of the New Event Source tab:

Event source attribute categories.

This table describes event source attribute categories.

                                                       
Attribute SectionDescription
Identification

These attributes are the main attributes that collectively identify an event source.

The following attributes are auto-populated, and cannot be changed while on this screen:

  • IP address
  • IPv6 value
  • Hostname
  • Event Source Type

These attributes can be modified:

  • Log Collector
  • Log Decoder

Properties

These attributes provide the name and description.

  • Name
  • DNS Hostname
  • Description

Importance

These attributes can be used for grouping by priority.

  • Priority
  • Criticality
  • Compliance

Zone

These attributes can be used for grouping by zone.

  • WAN (Wide Area Network)
  • LAN (Local Area Network)
  • Security
  • Operational

Location

These attributes can be used to group by the physical or geographical location.

  • Country
  • State
  • County
  • Province
  • City
  • Campus
  • Postal Code
  • Building
  • Floor
  • Room
Organization

These attributes can be used to group by organization, and also to provide contact information.

  • Company
  • Division
  • Business Unit
  • Department
  • Group
  • Contact
  • Contact Phone
  • Contact Ema

Owner

These attributes specify those responsible for the event source.

  • Manager
  • Primary Administrator
  • Backup Administrator
Physical

These attributes specify the physical properties for the event source.

  • Vendor
  • Serial Number
  • Asset Tag
  • Voltage
  • UPS Protected
  • Rack Height
  • Depth
  • BTU Output
  • Color

Function

These attributes can be used to group by function.

  • Primary Role
  • Sub Role 1
  • Sub Role 2

System Information

These attributes specify system information.

  • Domain Name
  • System Name
  • Identifier
  • System Description

Custom

This section provides eight custom attributes, for any other attributes that your organization might need.

Features

The settings in the Manage Event Source tab are a combination of auto-populated and user-entered information. When an event source sends log information to NetWitness Suite, it is added to the list of event sources, and some basic information is auto-populated. At any time after that, users can add or edit details for other event source attributes.

This figure shows an example of the Identification, Properties, and Importance sections.

Example of the Identification, Properties, and Importance sections.

This figure shows an example of the Zone, Location, and Organization sections.

Example of the Zone, Location, and Organization sections.

Previous Topic:ESM: Manage Tab
You are here
Table of Contents > References > ESM: Manage Event Source Tab

Attachments

    Outcomes