Alerting: How ESA Generates Alerts

Document created by RSA Information Design and Development on Sep 12, 2017. Last modified by RSA Information Design and Development on Mar 27, 2018.
Version 6

This topic briefly describes how the Event Stream Analysis (ESA) service runs rules to generate alerts. ESA rules specify criteria for problem behavior or threatening events in your network. When ESA detects a threat that matches rule criteria, it generates an alert.

To generate alerts, ESA performs the following functions:

  1. Gathers data
  2. Runs ESA rules against the data
  3. Captures events that meet rule criteria
  4. Generates alerts for those captured events

You can use the Alerts module to gain visibility into your network and to detect problems in it.
