Migrate ESA Deployments to Policies and Groups

From version 12.1 and later, on successful upgrade of the Admin Server, the ESA deployments are managed by the policies and groups page. The deployments are not available on netwitness_configure_24x20.png (CONFIGURE) > ESA Rules page.

12.0 and Earlier version

ESA Rules page in the 12.0 version.

esa12version.png

12.1 version

Updated ESA Rules page in 12.1 version, where only rule libraries are available.

Note: The ESA deployments, after upgrading the Admin Server to 12.1 are not available to view or modify until the Correlation servers are also upgraded to the 12.1 version. However, the events are consumed, and ESA alerts are processed by the Correlation server.

esa121version.png

All the deployments are automatically migrated to policies and groups:

  • Each deployment is converted into a policy and a group.

  • Once the ESA Correlation server is upgraded to the 12.1 version, you can access these deployments as groups and policies.

IMPORTANT: If there is any need to import ESA Rules and Enrichments. NetWitness recommends importing those missing rules and enrichments before the upgrade.

The following table provides the information on different deployment states for Policy and Groups:

SlNo Pre-upgrade Deployment State Post-upgrade Deployment State
Creates Policy Creates Group The policy will be Published
1 Healthy deployment

Yes

Yes

Yes

2 Deployment with errors Yes Yes Yes
3 Deployment with only rules

Yes

No

No

4 Deployment with no rules No No No

Healthy deployment contains no errors, and the required resources such as ESA Server, Data source, and ESA rule are added.

Note: NetWitness recommends that all the deployments maintain an error-free state and also remove any unnecessary or unused ESA deployments.