Is there any way to create a report on the ESA alerts generated, and/or the incidents raised?
Like a summary report on the alerts or incidents from RSA SA, along with their status? Like an exportable report, with the name of the alert, incident ID, remediation status included?
It'd be really helpful for tracking and management presentation.
Hi Visham,
These are Reporting Engine Rules and Reports that query the system for alerts and incidents - when you subscribe and deploy these in your environment they will show up in the Reporting Engine:
In 10.6.x these rules query the Incident Management (IM) database, whereas in 11.x they query the Respond database. If you are forwarding your ESA alerts to the IM service, then these will help you report on that activity.
Give these a try, and let us know if you experience any issues with them.