currently I am trying to configure rule based incident generation ( e.g. create incident if there is more than X events from source Y during time period Z) on RSA Security Analytics AIO 10.6.2.1. As far as I understand ESA component is fundamental for such function.
Is it possible to install ESA component on AIO appliance server? Eventually, is there any workaround to achieve mentioned goal without ESA?