The Services Config view > Data Sources tab of an ESA service enables you to configure the sources that ESA uses to analyze data. An ESA service ingests data from Concentrators to detect incidents and alert analysts to potential threats.
This workflow shows the overall process for configuring ESA. It also shows where configuring data sources is located in the process.
In NetWitness Platform 11.2 and earlier, ESA has two services, the Event Stream Analysis service (ESA Correlation Rules) and the Event Stream Analytics Server service (ESA Analytics). The first four procedures shown pertain to configuring the Event Stream Analysis service:
- Add Data Source to ESA Service*
- Configure Notifications
- Download Live Content
- (Optional) Configure Advanced Settings
The last procedure is separate from the others and pertains to creating mappings for the ESA Analytics services to start automatically detecting advanced threats:
- (Optional) Create and Deploy ESA Analytics Mappings
*You can complete these tasks here (that is in the Services Config view Data Sources tab).
- See "Add or Update a Host" in the Host and Services Getting Started Guide.
The following figure shows the Services Config view Data Sources tab for an ESA service.
The following table describes the options in the toolbar.
The Data Sources list shows all of the data sources added to the ESA service. The following table describes the columns the Data Sources list.