This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

RSA Security Analytics AIO and ESA component

OndrejZuffa1
Beginner
Beginner

‎2017-09-04 12:30 PM

Hello,

currently I am trying to configure rule based incident generation ( e.g. create incident if there is more than X events from source Y during time period Z) on RSA Security Analytics AIO 10.6.2.1. As far as I understand ESA component is fundamental for such function.

Is it possible to install ESA component on AIO appliance server? Eventually, is there any workaround to achieve mentioned goal without ESA?

 

Best Regards,

Ondrej Zuffa

0 Likes
3 REPLIES 3

SravanKoneti1
Beginner
Beginner

‎2017-09-05 12:13 AM

Hi Ondrej,

 

You need ESA to have Incident Management as IM database stays on ESA.

0 Likes

EricPartington
Employee
Employee

‎2017-09-05 08:36 AM

ESA will continue to be a requirement for NetWitness as there will be more functions added to it in the V11.x code

 

currently the ESA engine, C2 detection, Incident Management, Context Hub all require the ESA service with more coming in V11.

 

ESA can be provided either as an appliance or VM image depending on your environment and there may be benefits to leveraging the consumption model rather than appliance model for licensing if you are a low linerate shop (AIO would indicate that).  Talk to your local RSA SE about options.

OndrejZuffa1
Beginner
Beginner
In response to EricPartington

‎2017-09-06 04:46 AM

Hi Eric,

thank you for clarification.

 

Best Regards,

Ondrej Zuffa

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.