Alerting: Step 2. Add an ESA Service

Document created by RSA Information Design and Development on Sep 12, 2017Last modified by RSA Information Design and Development on Oct 10, 2017
Version 5Show Document
  • View in full screen mode
 

The ESA service in a deployment gathers data in your network and runs ESA rules against the data. The goal is to capture events that match rule criteria, then generate an alert for the captured event.

You can add the same ESA to multiple deployments. For example, ESA London could be in the these deployments simultaneously:

  • Deployment EUR, which includes one set of ESA rules
  • Deployment CORP, which includes another set of ESA rules

When you remove an ESA from a deployment, the rules are also removed from the ESA. For example, Deployment EUR could include ESA London and a set of 25 rules. If you remove ESA London from Deployment EUR, the 25 rules are also removed from ESA London. Consequently, if an ESA is not part of any deployment the ESA does not have any rules.

Procedure

To add an ESA service:

  1. Go to CONFIGURE > ESA Rules.
    The Rules tab is displayed.
  2. In the options panel, select a deployment:
    Deployment view showing a selected deployment
  3. In the Deployment view, click Add icon in ESA Services.
    The Deploy ESA Services dialog lists each configured ESA.
    Deploy ESA Services dialog
  4. Select an ESA and click Save.
    The Deployment view is displayed. The ESA is listed in the ESA Services section, with the status Added.
You are here
Table of Contents > Deploy Rules to Run on ESA > Deployment Steps > Step 2. Add an ESA Service

Attachments

    Outcomes