Alerting: How ESA Generates Alerts

Document created by RSA Information Design and Development on Sep 12, 2017. Last modified by RSA Information Design and Development on Jan 30, 2020.
Version 12

The ESA Correlation service runs rules that specify criteria for problem behavior or threatening events in your network. When ESA detects a threat that matches rule criteria, it generates an alert.

To generate alerts, ESA performs the following functions:

  1. Gathers data
  2. Runs ESA rules against the data
  3. Captures events that meet rule criteria
  4. Generates alerts for those captured events
