Alerting: View Stats for an ESA Service

Document created by RSA Information Design and Development on Sep 12, 2017Last modified by RSA Information Design and Development on Jul 8, 2019
Version 10Show Document
  • View in full screen mode
 

This topic describes how to view the deployment statistics (stats) for an ESA Correlation service. This procedure is useful when you are attempting to determine the effectiveness of a rule or troubleshoot an ESA rule deployment. 

Caution: When you modify and re-deploy an ESA rule deployment, all of the stats are removed from that deployment. The generated alerts are not removed from NetWitness Respond.

View ESA Stats

  1. Go to CONFIGURE > ESA Rules > Services tab.
  2. From the ESA Services list on the left, select a service.
    The deployment stats for the selected service are displayed.
    Services tab showing deployment stats for the selected service

  1. (This option applies to NetWitness Platform version 11.3 and later.) In the Deployment view under the ESA Correlation service name, select the tab of the deployment you would like to view. For example, select the Deployment A tab to view the stats for deployment A. Select the Deployment B tab to view the status for deployment B.
  2. Review the following sections of ESA stats.
    For a complete description of each statistic in each section, see Services Tab.
  • Engine Stats
  • Rule Stats
  • Alert Stats
  1. In the Deployed Rule Stats, review details about the rules deployed on the ESA.
    For a complete description of each column in each section, see Services Tab.
    • If the rule is enabled or disabled
    • What the rule name is
    • The type of rule
    • If the rule is running in Trial Rule mode
    • Last detected
    • Events matched
    • The amount of memory used by the rule
  1. To monitor overall memory usage and health of your ESA Correlation service, click Health & Wellness.

Enable or Disable Rules

  1. In the Deployed Rule Stats panel, select a rule from the grid.
  2. Click Enable icon to enable the rule, or click Disable icon to disable the rule.
    The Services tab is refreshed to show the changes, which take effect immediately.

Refresh the Statistics

The Services tab does not update statistics automatically unless you enable or disable a rule. To ensure you view current statistics:

  1. Click Refresh icon in the upper right corner to refresh the information.
  2. View the updated information. 

You are here
Table of Contents > View ESA Stats and Alerts > View Stats for an ESA Service

Attachments

    Outcomes