This topic is an overview of the Reporting Engine. The Reporting Engine supports the definition and generation of reports and alerts that you maintain in the RSA Security Analytics Reporting and Alerting module views and dashlets. A Reporting Engine:
- Facilitates the delivery of selected data to the Reporting and Alerting module views (NetWitness meta data and IPDB event data).
- Stores rules definitions that govern how the data is represented in reports and alerts.
Manages the alert queue by allowing you to enable and disable alerts.
A Reporting Engine runs reports and alerts based on the data drawn from a data source so you must associate a data source, or multiple data sources, to a Reporting Engine. There are four types of data sources:
- IPDB Data Sources - The Internet Protocol Database (IPDB) data source contains both normalized and raw event messages. It stores all collected messages in a file system organized by event source (device), IP address, and time (year/month/day) with index files to facilitate searches (report and queries).
- NWDB Data Sources - The NetWitness Database (NWDB) data sources are Decoders, Log Decoders, Brokers, Concentrators, Archiver, and Collection.
- Warehouse Data Sources - The Warehouse data sources are Pivotal and MapR.
- Incident Management Data Sources - IMDB is used to generate reports on alerts and incidents. The IMDB data sources are Reporting Engine, ESA, Malware, ECAT, and Web Threat Detection. IMDB is used to store the alerts and incidents reports.