Alerting: Step 3. Add and Deploy Rules

Document created by RSA Information Design and Development on Sep 12, 2017Last modified by RSA Information Design and Development on Oct 10, 2017
Version 5Show Document
  • View in full screen mode
 

This topic explains how to add ESA rules to a deployment and then deploy the rules on ESA. Each ESA rule has unique criteria. The ESA rules in a deployment determine which events ESA captures, which in turn determine the alerts you receive.

For example, Deployment A includes ESA Paris and, among others, a rule to detect file transfer using a non-standard port. When ESA Paris detects a file transfer that matches the rule criteria, it captures the event and generates an alert for it. If you remove this rule from Deployment A, ESA will no longer generate an alert for such an occurrence.

Procedure

To add and deploy rules:

  1. Go to Configure > ESA Rules.
    The Rules tab is displayed.
  2. In the options panel, select a deployment.
  3. In the Deployment view, click Add icon in ESA Rules.
    The Deploy ESA Rules dialog is displayed and shows each rule in your Rule Library:
    Deploy ESA Rules dialog
  4. Select rules and click Save.
    The Deployment view is displayed.
  5. The rules are listed in the ESA Rules section.
  • In the Status column, Added is next to each new rule.
  • In the Deployments section, Deployment Update icon indicates there are updates to the deployment.
  • The total number of rules in the deployment is on the right.
    Deployments section showing the number of events on the right
  1. Click Deploy Now.
    The ESA service runs the rule set.
You are here
Table of Contents > Deploy Rules to Run on ESA > Deployment Steps > Step 3. Add and Deploy Rules

Attachments

    Outcomes