Hello,
currently I am trying to configure rule based incident generation ( e.g. create incident if there is more than X events from source Y during time period Z) on RSA Security Analytics AIO 10.6.2.1. As far as I understand ESA component is fundamental for such function.
Is it possible to install ESA component on AIO appliance server? Eventually, is there any workaround to achieve mentioned goal without ESA?
Best Regards,
Ondrej Zuffa
Hi Ondrej,
You need ESA to have Incident Management as IM database stays on ESA.