In the Alerts module, you can configure rules to detect threatening behavior in your network. When an event meets rule criteria, ESA generates an alert.
Table of Contents
- This topic provides a brief description of how an Event Stream Analysis (ESA) runs rules to generate alerts.
- This topic explains how to add each type of rule to the rule library.
- This topic explains how to add a previously configured enrichment source to a rule. When ESA creates an alert, information from the source is included in the alert.
- This topic explains how to select an ESA and the rules to run on it. Administrator, SOC Manager or DPO role permissions are required for all tasks in this section.
- These topics explain each part of the user interface in the Alerting module.