This topic provides a brief description of how an Event Stream Analysis (ESA) service runs rules to generate alerts. The Event Stream Analysis (ESA) service runs rules that specify criteria for problem behavior or threatening events in your network. When ESA detects a threat that matches rule criteria, it generates an alert.
To generate alerts, ESA performs the following functions:
- Gathers data
- Runs ESA rules against the data
- Captures events that meet rule criteria
- Generates alerts for those captured events