ESA Config: Configure ESA Correlation Rules

Document created by RSA Information Design and Development on Sep 13, 2017. Last modified by RSA Information Design and Development on Sep 11, 2018.
Version 8

This topic provides high-level tasks to configure RSA NetWitness Platform Event Stream Analysis (ESA) Correlation Rules using the Event Stream Analysis service.

Prerequisites

Make sure that you:

  • Install the Event Stream Analysis service in your network environment.
  • Install and configure one or more Concentrators in your network environment.

Procedure

The following table shows the high-level tasks required to configure ESA Correlation Rules.

| Tasks | Reference |
|---|---|
| 1. Add a Concentrator as a data source to the Event Stream Analysis service. | Refer to Step 1. Add a Data Source to an ESA Service. |
| 2. Configure notifications for the Event Stream Analysis service. | Refer to "Notification Methods" in the Alerting with ESA Correlation Rules User Guide. |
| 3. Download Event Stream Analysis content using Live. | Refer to "Download Configurable RSA Live Rules" in the Alerting with ESA Correlation Rules User Guide. |
| 4. (Optional) Advanced configuration for the Event Stream Analysis service. | Refer to Step 2. Configure Advanced Settings for an ESA Service. |

Result

The Event Stream Analysis service is configured and you can now add ESA Rules for event processing and alerting. For information on adding ESA Rules, see "Add Rules to the Rule Library" in the Alerting with ESA Correlation Rules User Guide.
