The ESA Correlation service runs rules that specify criteria for problem behavior or threatening events in your network. When ESA detects a threat that matches rule criteria, it generates an alert.
To generate alerts, ESA performs the following functions:
- Gathers data
- Runs ESA rules against the data
- Captures events that meet rule criteria
- Generates alerts for those captured events
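
The four functions listed above, sketched as an added example; it is not ESA code and does not use ESA's rule language. It is a minimal Python correlation rule run over constructed events, and the event field names, threshold, window and rule name are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events; field names are assumptions, not ESA metadata keys.
EVENTS = [
    {"time": 0,   "user": "alice", "action": "login", "result": "failure"},
    {"time": 5,   "user": "carol", "action": "login", "result": "failure"},
    {"time": 10,  "user": "bob",   "action": "login", "result": "failure"},
    {"time": 20,  "user": "alice", "action": "login", "result": "failure"},
    {"time": 45,  "user": "alice", "action": "login", "result": "failure"},
    {"time": 50,  "user": "alice", "action": "login", "result": "success"},
    {"time": 70,  "user": "carol", "action": "login", "result": "failure"},
    {"time": 75,  "user": "carol", "action": "login", "result": "failure"},
    {"time": 100, "user": "bob",   "action": "login", "result": "failure"},
    {"time": 200, "user": "bob",   "action": "login", "result": "failure"},
    {"time": 300, "user": "alice", "action": "login", "result": "failure"},
]


def failed_login_rule(events, threshold=3, window=60):
    """Alert when one user has `threshold` failed logins within `window` seconds."""
    recent = defaultdict(deque)  # per-user sliding window of matching events
    alerts = []
    # 1. Gather data: process events in time order.
    for ev in sorted(events, key=lambda e: e["time"]):
        # 2. Run the rule: only failed logins meet the criteria.
        if ev["action"] != "login" or ev["result"] != "failure":
            continue
        q = recent[ev["user"]]
        q.append(ev)
        # Drop events that have aged out of the time window.
        while ev["time"] - q[0]["time"] > window:
            q.popleft()
        if len(q) >= threshold:
            # 3. Capture the events that met the criteria, 4. generate the alert.
            alerts.append({
                "rule": "repeated-failed-logins",  # hypothetical rule name
                "user": ev["user"],
                "events": list(q),
            })
            q.clear()  # do not alert again on the same captured events
    return alerts


if __name__ == "__main__":
    for alert in failed_login_rule(EVENTS):
        times = [e["time"] for e in alert["events"]]
        print(f"ALERT {alert['rule']} user={alert['user']} event_times={times}")
```

The alert carries the captured events themselves, so an analyst can see which events satisfied the rule rather than only that it fired.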