Alerting: Getting Started with ESA

Document created by RSA Information Design and Development on Sep 12, 2017. Last modified by RSA Information Design and Development on Oct 10, 2017.
Version 6

This section provides quick start topics for RSA NetWitness® Suite Event Stream Analysis (ESA) to help you get started with ESA. The following topics are designed to assist you in working with ESA Correlation Rules.

  • Best Practices helps you to understand how to best set up, deploy, and create rules.
  • Troubleshoot ESA helps you to troubleshoot different aspects of ESA, including rule writing and deployment.
  • View Memory Metrics for Rules helps you to work with memory metrics to understand memory usage for ESA services.

There are two ESA services that can run on an ESA host:

  • Event Stream Analysis (ESA Correlation Rules)
  • Event Stream Analytics Server (ESA Analytics)

The first service is the Event Stream Analysis service that creates alerts from ESA rules, also known as ESA Correlation Rules, which you create manually or download from Live. This user guide covers alerting using ESA Correlation Rules. For information on configuring ESA Correlation Rules, see the "Configure ESA Correlation Rules" section of the ESA Configuration Guide.

The second service is the ESA Analytics service, which is used for Automated Threat Detection. Because the ESA Analytics service uses preconfigured ESA Analytics modules for Automated Threat Detection, you do not have to create or download rules to use it. For information on the ESA Analytics service, see the Automated Threat Detection Guide and the "Configure ESA Analytics" section of the ESA Configuration Guide.
