RSA Security Analytics AIO and ESA component
currently I am trying to configure rule based incident generation ( e.g. create incident if there is more than X events from source Y during time period Z) on RSA Security Analytics AIO 10.6.2.1. As far as I understand ESA component is fundamental for such function.
Is it possible to install ESA component on AIO appliance server? Eventually, is there any workaround to achieve mentioned goal without ESA?
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
ESA will continue to be a requirement for NetWitness as there will be more functions added to it in the V11.x code
currently the ESA engine, C2 detection, Incident Management, Context Hub all require the ESA service with more coming in V11.
ESA can be provided either as an appliance or VM image depending on your environment and there may be benefits to leveraging the consumption model rather than appliance model for licensing if you are a low linerate shop (AIO would indicate that). Talk to your local RSA SE about options.