.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
RSA ESA Rules
Tags: Threat Intelligence
RSA ESA Rules
The following table illustrates how the current RSA Event Stream Analysis Rules are displayed in the ESA Define view after you download them from Live. The Module Name is the internal identification code for the rule.
Note: For content that has been discontinued, see Discontinued Content.
Pivot to Investigate > Navigate from Respond May Not WorkPivot to Investigate > Navigate from Respond May Not Work
In ESA rules that do not select every piece of meta from the session (that is, rules that do not use select *), you may see that data privacy (if enabled) and the Pivot to Investigate > Navigate link accessed from a context tooltip in the Respond Incident Details view does not work. For details on how to fix this, see "Update any ESA Rule that Selects Only Certain Meta Keys from the Session to Include event_source_id" section in the Alerting with ESA Correlation Rules User Guide.
List of ESA RulesList of ESA Rules
Attachments:
RSA ESA Rules.pdf