Skip navigationLog in to follow, share, and participate in this community. Pivot to Investigate > Navigate from Respond May Not WorkIn ESA rules that do not select every piece of meta from the session (that is, rules that do not use select *), you may see that data privacy (if enabled) an... For RSA NetWitness Platform 11.1 and later, ESA Rules can use Context Hub (CH) Lists as whitelists and blacklists in their construction and processing. To see details about these rules, see RSA E... Context Hub Lists in ESA Rules
Back Overview This topic tells you how to implement any non-standard data keys used in ESA alerts after you download them from Live. Update XML Files You need to update the table-map-custom.xml fil... Implement Non-Standard Meta Keys Used in ESA Rules
Back This rule detects user accounts suspected of misuse due to credential compromise or a malicious insider. The user account is suspicious due to unusual login activity within the organization. Login act... User Login Baseline ESA Rule
Back