AnsweredAssumed Answered

RSA Security Analytics AIO and ESA component

Question asked by Ondrej Zuffa on Sep 4, 2017
Latest reply on Sep 6, 2017 by Ondrej Zuffa

Like • Show 0 Likes0
Comment • 3

Hello,

currently I am trying to configure rule based incident generation ( e.g. create incident if there is more than X events from source Y during time period Z) on RSA Security Analytics AIO 10.6.2.1. As far as I understand ESA component is fundamental for such function.

Is it possible to install ESA component on AIO appliance server? Eventually, is there any workaround to achieve mentioned goal without ESA?

Best Regards,

Ondrej Zuffa

No one else has this question

Outcomes

3 Replies

Sravan Koneti Sep 5, 2017 12:13 AM
Mark Correct
Correct Answer
Hi Ondrej,

You need ESA to have Incident Management as IM database stays on ESA.
Like • Show 0 Likes0
Actions
Eric Partington Sep 5, 2017 8:36 AM
Mark Correct
Correct Answer
ESA will continue to be a requirement for NetWitness as there will be more functions added to it in the V11.x code

currently the ESA engine, C2 detection, Incident Management, Context Hub all require the ESA service with more coming in V11.

ESA can be provided either as an appliance or VM image depending on your environment and there may be benefits to leveraging the consumption model rather than appliance model for licensing if you are a low linerate shop (AIO would indicate that). Talk to your local RSA SE about options.
1 person found this helpful
Like • Show 0 Likes0
Actions
- Ondrej Zuffa @ Eric Partington on Sep 6, 2017 4:46 AM
  Mark Correct
  Correct Answer
  Hi Eric,
  thank you for clarification.
  
  Best Regards,
  Ondrej Zuffa
  Like • Show 0 Likes0
  Actions

RSA Security Analytics AIO and ESA component

Outcomes

Related Content

Recommended Content