I want to configure a dashlet that represents a list of alerts triggered by ESA (a chart like the ESA alert summary).
And a dashlet with the status of incidents. Is it possible to configure this on SA?
Please guide me on this.
Thanks a lot for your quick response. Let me add the parser for ESA and SA itself, then I will update here.
Security Analytics doesn't fully support feeding ESA intelligence (output) towards SA. You would need to get a hold of support or an RSA rep to get this integrated. Last I heard there was some backend process to feed ESA to SA via syslog, in which you would need to individually enable syslog notification in each rule to feed syslog to SA. Not entirely sure if RSA supported a parser for this either.
That's how we've gotten around it. Use syslogs from the ESA rule and feed it back into SA. I had heard in future versions ESA was going to have their own dashboards.
Look for the SA parser on this site, and then create your own dashboard based on the info you get from these parsers.