Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Alerting: How ESA Generates Alerts

Document created by RSA Information Design and Development Employee on Sep 12, 2017Last modified by RSA Information Design and Development Employee on Jul 14, 2020
Version 14Show Document
  • View in full screen mode

The ESA Correlation service runs rules that specify criteria for problem behavior or threatening events in your network. When ESA detects a threat that matches rule criteria, it generates an alert.

To generate alerts, ESA performs the following functions:

  1. Gathers data
  2. Runs ESA rules against the data
  3. Captures events that meet rule criteria
  4. Generates alerts for those captured events

Next Topic:Best Practices
You are here
Table of Contents > Getting Started with ESA > How ESA Generates Alerts