Alerting: Services Tab

Document created by RSA Information Design and Development on Sep 12, 2017Last modified by RSA Information Design and Development on Jul 8, 2019
Version 10Show Document
  • View in full screen mode
 

This topic provides an overview of the CONFIGURE > ESA Rules > Services tab. The Services tab provides details of the ESA services added to NetWitness Platform. 

What do you want to do?

                       
Role I want to ...Show me how
Content Expert

Troubleshoot Services Tab.

Troubleshoot ESA

Content Expert

View deployment Stats for an ESA Service.

View Stats for an ESA Service

Related Topics

Services

The following figure shows the Services tab:
ESA Rules Services Tab

(This option is available in NetWitness Platform version 11.3 and later.) If an ESA Correlation service has multiple deployments, under the service name, you will see a tab for each deployment. In the above example, there are two deployment tabs, Deployment A and Deployment B. Each tab displays information specific to that deployment.

The Services tab has the following sections:

  • ESA Services panel (on the left)
  • General Stats panel (top right)
  • Deployed Rule Stats panel (bottom right)

ESA Services Panel

The ESA Services panel lists the name of each ESA service added to NetWitness Platform.

ESA Services panel showing the available ESA services

General Stats Panel

The General Stats panel provides information on the Esper engine, rules, and alerts.

The General Stats panel contains the following sections:

  • Engine Stats 
  • Rule Stats
  • Alert Stats

The following figure shows the General Stats panel.
General Stats Panel

The following table lists and describes the parameters in each section.

                                                        
SectionsParameterDescription
Engine StatsEsper VersionEsper version running on the ESA service
TimeTime when the last event was sent to Esper Engine
Events OfferedNumber of events processed by the ESA service since the last service start
Offered RateThe rate that the ESA service processes current events / The maximum rate that the ESA service processed events.
Status

Shows the status of the deployment. A status of Active means that the deployment is active. A status of Inactive means that there was probably an error starting the deployment. Check the error log file for more information: /var/log/netwitness/correlation-server/correlation-server.log.

Rule StatsRules EnabledNumber of rules enabled
Rules DisabledNumber of rules disabled
Events MatchedTotal number of events matched to all rules on the ESA service
Alert StatsNotificationsThe total number of notifications sent by email, SNMP, syslog, or script for the deployment. (ESA SNMP notifications are not supported in NetWitness Platform version 11.3 and later.)
Message BusThe total number of alerts sent to Respond for the deployment

Deployed Rule Stats Panel

The Deployed Rule Stats panel provides details on the rules that are deployed on the ESA service.

The following figure shows the Deployed Rule Stats panel.

Deployed Rule Stats Panel

The table lists the various parameters in the view and their description.

                                                   
ParametersDescription
Enable button Enables a rule that was disabled.
Disable button Disables a rule that was enabled.
Health & Wellness linkEnables you to monitor overall memory usage and health of your ESA Correlation service.
EnableIndicates whether the rule is enabled or disabled.
A green circle icon Enabled icon indicates that the rule is enabled.
A white circle icon Disabled icon indicates that the rule is disabled.
NameName of the ESA rule.
Rule Type(This field applies to version 11.3 and later.) Endpoint indicates a rule from the Endpoint Risk Scoring Bundle and Esper indicates Esper-specific rules, such as Rule Builder and Advanced EPL rules.
Trial RuleIndicates if the rule is running in trial rule mode.
Last DetectedThe last time alert was triggered for the rule.
Events MatchedThe total number of events that matched the rule.
Memory Usage

The total amount of memory used by the rule.

Note: The Endpoint Risk Scoring Rules Bundle rules do not show memory usage.

Previous Topic:Rule Syntax Dialog
Next Topic:Settings Tab
You are here
Table of Contents > ESA Alert References > Services Tab

Attachments

    Outcomes