This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Use SA ESM database for enrichment with multi-indexed feed

MihaMesojedec
Employee
Employee
‎2016-05-11 03:56 PM

RSA Security Analytics has built-in Event Source Management (ESM) capability which provides an easy way to manage event sources and configure alerting policies for your event sources. More details about ESM: http://sadocs.emc.com/0_en-us/088_SA106/90_EventSM

Unfortunately ESM module has limitation and can’t be used for Reporting and RBAC.

Attached guide will explain how you can use event source attributes as Multi-indexed feed and later use it for Reporting and RBAC.

As well using local Assets database on SA server is useful when customer don't have SecOps or you are selling SA to SMB customer.

Below example of dashboard and investigation based on assets information.

q.png

1.png

Scripts.zip
Labels:
Preview file
911 KB
Scripts.zip
© 2022 RSA Security LLC or its affiliates. All rights reserved.