on Sep 13, 2017Note: The information in this topic applies ONLY to RSA NetWitness
Platform version 11.2 and earlier.
For version 11.3 and later, see Data Source Configuration Changes.
ESA Analytics is not supported in NetWitness Platform 11.5 and later versions.
The Services Config view > Data Sources tab of an ESA service enables you to configure the sources that ESA uses to analyze data. An ESA service ingests data from Concentrators to detect incidents and alert analysts to potential threats.
Workflow
This workflow shows the overall process for configuring ESA. It also shows where configuring data sources is located in the process.
In NetWitness Platform 11.2 and earlier, ESA has two services, the Event Stream Analysis service (ESA Correlation Rules) and the Event Stream Analytics Server service (ESA Analytics). The first four procedures shown pertain to configuring the Event Stream Analysis service:
- Add Data Source to ESA Service*
- Configure Notifications
- Download Live Content
- (Optional) Configure Advanced Settings
The last procedure is separate from the others and pertains to creating mappings for the ESA Analytics services to start automatically detecting advanced threats:
- (Optional) Create and Deploy ESA Analytics Mappings
What do you want to do?
| Role | I want to ... | Show me how |
|---|---|---|
| Administrator | Add a Concentrator as a data source to the Event Stream Analysis Service * | See "Configure ESA Correlation Rules" and "Step 1. Add a Data Source to an ESA Service" in the ESA Configuration Guide for version 11.2. |
| Administrator | Configure Notifications | See "Notification Methods" in the Alerting with ESA Correlation Rules User Guide for version 11.2. |
| Administrator | Download Live Content | See "Download Configurable RSA Live Rules" in the Alerting with ESA Correlation Rules User Guide for version 11.2. |
| Administrator | Configure Advanced Settings | See "Step 2. Configure Advanced Settings for an ESA Service" in the ESA Configuration Guide for version 11.2. |
*You can complete these tasks here (that is in the Services Config view Data Sources tab).
Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.
Related Topics
- See "Add or Update a Host" in the Host and Services Getting Started Guide.
Quick Look
To access the Data Sources tab, go to Admin > Services > (Select an ESA service) > 
> View > Config.
The following figure shows the Services Config view Data Sources tab for an ESA service.
Toolbar
The following table describes the options in the toolbar.
| Option | Description |
|---|---|
 | Adds a new data source to the ESA service. |
 | Deletes a data source from the ESA service. |
 | Edits a data source. You must have the username and password credentials for the service in order to make changes. |
 | Enables the selected data source. |
 | Disables the selected data source. |
Data Sources
The Data Sources list shows all of the data sources added to the ESA service. The following table describes the columns the Data Sources list.
| Column | Description |
|---|---|
| Name | The name of the data source service. |
| Address | The address of the data source service. |
| Port | The port used by the data source. |
| User | The user connected with the data source. |
| Enabled | Indicates if the data source is enabled. |
| SSL | Indicates if SSL communication is enabled. |
| Compression | Indicates if compression is enabled. |
