Create an ESA Rule

This topic describes the steps to create an ESA rule.

To create an ESA Rule

  1. Go to netwitness_configure.png (CONFIGURE) > Policies.
  2. In the policies panel, click Content.
  3. In the left panel, click Content Library.

    The available rules are displayed.

  4. Click Event Stream Analysis Rule.

  5. In the ESA rule panel, click + Create Rule to add an ESA rule.

    It navigates to ESA Rules > Rules view. For more information on creating new rules, see the section Add a Rule Builder Rule.

    Note: Analysts must have appropriate permissions to view the ESA rules under netwitness_configureicon_13x11.png (CONFIGURE) > ESA Rules and netwitness_configureicon_12x10.png (CONFIGURE) > Policies pages. For more information, see the Source-server section in the "Role Permissions" topic in the System Security and User Management Guide.