Alerting: Customize an RSA Live ESA Rule

Document created by RSA Information Design and Development on Sep 12, 2017. Last modified by RSA Information Design and Development on Oct 10, 2017.
Version 5

This topic explains how to configure parameters in an RSA Live ESA rule. When you download an RSA Live ESA rule, the rule appears in the Rule Library, which includes the following columns:

  • Name
  • Description
  • Trial Rule
  • Type

Rule Library showing ESA Live Rules

The type is RSA Live ESA Rule.

Prerequisites

  • Administrator, Operator, SOC Manager, or DPO role permissions are required.
  • Rules must be downloaded to the Rule Library.

Procedure

To customize an RSA Live ESA rule:

  1. Go to CONFIGURE > ESA Rules > Rules tab.
  2. In the Rule Library, select an RSA Live ESA Rule and click the Edit icon.
    The RSA Live ESA Rule tab is displayed.
  3. (Optional) Change the following fields:
    • Rule Name
    • Description
    • Trial Rule (Enabled by default. RSA recommends you run a rule as a trial rule long enough to assess the performance during normal and peak network traffic.)
    • Severity
  4. To configure the rule for your environment, in the Parameters section, replace the default in the Value column.
    Parameters section showing values column
  5. Click Save.