ESA Config: Services Config View Data Sources Tab

Document created by RSA Information Design and Development on Sep 13, 2017Last modified by RSA Information Design and Development on Sep 11, 2018
Version 8Show Document
  • View in full screen mode
 

The Services Config view > Data Sources tab of an ESA service enables you to configure the sources that ESA uses to analyze data. An ESA service ingests data from Concentrators to detect incidents and alert analysts to potential threats.

Workflow

This workflow shows the overall process for configuring ESA. It also shows where configuring data sources is located in the process.

Shows the ESA Configuration Workflow and shows where you are in the process: Configure Data Sources

ESA has two services, the Event Stream Analysis service (ESA Correlation Rules) and the Event Stream Analytics Server service (ESA Analytics). The first four procedures shown pertain to configuring the Event Stream Analysis service:

  • Add Data Source to ESA Service *
  • Configure Notifications
  • Download Live Content
  • (Optional) Configure Advanced Settings

The last procedure is separate from the others and pertains to creating mappings for the ESA Analytics services to start automatically detecting advanced threats:

  • (Optional) Create and Deploy ESA Analytics Mappings

What do you want to do?

                                 
Role I want to ...Show me how
AdministratorAdd a Concentrator as a data source to the Event Stream Analysis Service *

See Configure ESA Correlation Rules and Step 1. Add a Data Source to an ESA Service

AdministratorConfigure Notifications

See "Notification Methods" in the Alerting with ESA Correlation Rules User Guide.

AdministratorDownload Live Content

See "Download Configurable RSA Live Rules" in the Alerting with ESA Correlation Rules User Guide.

AdministratorConfigure Advanced Settings

See Step 2. Configure Advanced Settings for an ESA Service

*You can complete these tasks here (that is in the Services Config view Data Sources tab).

Related Topics

  • See "Add or Update a Host" in the Host and Services Getting Started Guide

Quick Look

To access the Data Sources tab, go to ADMIN > Services > (Select an ESA service) > Actions icon > View > Config.

The following figure shows the Services Config view Data Sources tab for an ESA service.

Services Config View Data Sources tab for an ESA service

Toolbar

The following table describes the options in the toolbar.

                               
OptionDescription
Add icon Adds a new data source to the ESA service.
Delete icon Deletes a data source from the ESA service.
Edit icon Edits a data source. You must have the username and password credentials for the service in order to make changes.
Enable icon Enables the selected data source.
Disable icon Disables the selected data source.

Data Sources

The Data Sources list shows all of the data sources added to the ESA service. The following table describes the columns the Data Sources list.

                                     
ColumnDescription
NameThe name of the data source service.
AddressThe address of the data source service.
PortThe port used by the data source.
UserThe user connected with the data source.
EnabledIndicates if the data source is enabled.
SSLIndicates if SSL communication is enabled.
CompressionIndicates if compression is enabled.
Previous Topic:References
You are here
Table of Contents > References > Services Config View Data Sources Tab

Attachments

    Outcomes