ESA Config: Configure ESA Correlation Rules

Document created by RSA Information Design and Development on Sep 13, 2017
Last modified by RSA Information Design and Development on Oct 4, 2017
Version 5
 

This topic provides high-level tasks to configure RSA NetWitness Suite Event Stream Analysis (ESA) Correlation Rules using the Event Stream Analysis service.

Prerequisites

Make sure that you:

  • Install the Event Stream Analysis service in your network environment.
  • Install and configure one or more Concentrators in your network environment.

Procedure

Note: You can configure ESA using an SSL port (50030) only. There is no option to configure a non-SSL port.

To configure Event Stream Analysis:

                         
Tasks and references:

  1. Add a Concentrator as a data source to the Event Stream Analysis service.
     Reference: Step 1. Add a Data Source to an ESA Service.
  2. Configure notifications for the Event Stream Analysis service.
     Reference: "Notification Methods" in the Alerting Using ESA Guide.
  3. Download Event Stream Analysis content using Live.
     Reference: "Live Search View" in the Live Resource Management Guide.
  4. (Optional) Perform advanced configuration for the Event Stream Analysis service.
     Reference: Step 2. Configure Advanced Settings for an ESA Service.

Result

The Event Stream Analysis service is configured and you can now add ESA Rules for event processing and alerting. For information on adding ESA Rules, see "Add Rules to the Rule Library" in the Alerting Using ESA Guide.
