Sentinel Plugins; Collectors; Connectors And Integrators; Correlation Rules And Actions - Novell SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010 Installation Manual

1.4 Sentinel Plugins

Sentinel supports a variety of plugins to expand and enhance system functionality. Some of these
plugins are installed automatically. Additional plugins (and updates) are available for download at
http://support.novell.com/products/sentinel/sentinel61.html.
Some plugins, such as the Remedy* Integrator and the IBM* Mainframe Connector, require an
additional license for download.

1.4.1 Collectors

Sentinel collects data from source devices and delivers a richer event stream by injecting taxonomy,
exploit detection, and business relevance into the data stream before events are correlated,
analyzed, and sent to the database. A richer event stream means that data is correlated with the
required business context to identify and remediate internal or external threats and policy violations.
Sentinel Collectors can parse data from the following types of devices:
Intrusion Detection Systems (host)
Intrusion Detection Systems (network)
Firewalls
Operating Systems
Policy Monitoring
Authentication
Routers and Switches
VPNs
Anti-Virus Detection Systems
Web Servers
Databases
Mainframe
Vulnerability Assessment Systems
Directory Services
Network Management Systems
Proprietary Systems
JavaScript Collectors can be written and run on Sentinel 6.0 SP1 and above using standard
JavaScript development tools and the Collector SDK. Proprietary Collectors can be built or
modified using Sentinel Collector Builder (Section 1.2.4, "Sentinel Collector Builder," on page 13),
a standalone application included with the Sentinel system.

1.4.2 Connectors and Integrators

Connectors provide connectivity from the Collector Manager to event sources using standard
protocols such as JDBC* and syslog. Events are passed from the Connector to the Collector for
parsing.
Integrators enable remediation actions on systems outside of Sentinel. For example, a correlation
action can use the SOAP Integrator to initiate a Novell Identity Manager workflow.
The optional Remedy AR Integrator provides the ability to create a Remedy ticket from Sentinel
events or incidents.

1.4.3 Correlation Rules and Actions

Correlation rules identify important patterns in the event stream. When a correlation rule triggers, it
initiates correlation actions, such as sending email notifications, initiating an iTRAC workflow, or
executing an action using an Integrator.
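The flow described in Sections 1.4.1 and 1.4.3 (a Connector hands raw lines to a Collector, which parses them and injects a taxonomy; a correlation rule watches the normalized stream and runs actions when it triggers), shown as an added illustrative example in JavaScript. This is not Sentinel code and does not use the Collector SDK or any Integrator API; the regular expressions, field names, taxonomy strings, rule thresholds, action callbacks and sample syslog lines are all constructed for this example.

```javascript
// Added illustrative example, not Sentinel code and not the Collector SDK:
// a miniature of the flow in Section 1.4. Raw syslog lines (what a syslog
// Connector would deliver) go through a Collector-style parser that injects
// a taxonomy field; a correlation rule then watches the normalized stream
// and runs correlation actions when it triggers. All names, fields, taxonomy
// strings, thresholds and log lines are constructed for this example.

// Constructed sample input: BSD-syslog lines from one host on one day.
const RAW_LINES = [
  "<86>Feb 10 09:00:01 fw1 sshd[1201]: Failed password for root from 203.0.113.7 port 50212 ssh2",
  "<86>Feb 10 09:00:04 fw1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 50214 ssh2",
  "<86>Feb 10 09:00:09 fw1 sshd[1207]: Accepted publickey for deploy from 198.51.100.20 port 40102 ssh2",
  "<86>Feb 10 09:00:11 fw1 sshd[1210]: Failed password for root from 203.0.113.7 port 50219 ssh2",
  "<86>Feb 10 09:00:15 fw1 sshd[1214]: Failed password for root from 203.0.113.7 port 50223 ssh2",
  "<86>Feb 10 09:00:21 fw1 sshd[1220]: Accepted password for root from 203.0.113.7 port 50230 ssh2",
  "<86>Feb 10 09:07:40 fw1 sshd[1290]: Failed password for root from 203.0.113.7 port 50401 ssh2",
  "this line is not syslog and must be rejected rather than guessed at",
];

// <PRI>Mon DD hh:mm:ss host proc[pid]: message
const SYSLOG_RE = /^<(\d+)>(\w{3}) +(\d+) (\d\d):(\d\d):(\d\d) (\S+) (\w+)\[\d+\]: (.*)$/;

// Collector stage: one raw line in, one normalized event (or null) out.
// Taxonomy is injected here so the correlation stage never re-parses free text.
function parseLine(line) {
  const m = SYSLOG_RE.exec(line);
  if (m === null) return null; // unparseable: drop it rather than invent fields
  const [, pri, , , hh, mm, ss, host, proc, msg] = m;
  const event = {
    ts: Number(hh) * 3600 + Number(mm) * 60 + Number(ss), // seconds into the day (same-day assumption)
    host, proc, msg,
    severity: Number(pri) & 7, // low three bits of PRI are the syslog severity
    taxonomy: "Unknown", user: null, srcIp: null,
  };
  let f;
  if ((f = /^Failed password for (?:invalid user )?(\S+) from (\S+)/.exec(msg)) !== null) {
    event.taxonomy = "Auth.Login.Failure"; event.user = f[1]; event.srcIp = f[2];
  } else if ((f = /^Accepted (?:password|publickey) for (\S+) from (\S+)/.exec(msg)) !== null) {
    event.taxonomy = "Auth.Login.Success"; event.user = f[1]; event.srcIp = f[2];
  }
  return event;
}

// Correlation stage: a per-source sliding window with pluggable actions.
// Rule 1 (BruteForce): `threshold` login failures from one source IP within `windowSeconds`.
// Rule 2 (SuccessAfterBruteForce): a login success from a source that is over that threshold.
function createCorrelator({ threshold, windowSeconds, actions }) {
  const failures = new Map(); // srcIp -> timestamps of failures still inside the window
  const fired = [];

  function recentFailures(ip, now) {
    const kept = (failures.get(ip) || []).filter((t) => now - t <= windowSeconds);
    failures.set(ip, kept);
    return kept;
  }
  function trigger(rule, event, count) {
    const hit = { rule, srcIp: event.srcIp, user: event.user, ts: event.ts, count };
    fired.push(hit);
    for (const action of actions) action(hit); // mail, workflow, ticket via an Integrator, ...
  }
  return {
    feed(event) {
      if (event === null || event.srcIp === null) return;
      const recent = recentFailures(event.srcIp, event.ts);
      if (event.taxonomy === "Auth.Login.Failure") {
        recent.push(event.ts);
        // Fire once when the threshold is reached, not on every further failure in the window.
        if (recent.length === threshold) trigger("BruteForce", event, recent.length);
      } else if (event.taxonomy === "Auth.Login.Success" && recent.length >= threshold) {
        trigger("SuccessAfterBruteForce", event, recent.length);
      }
    },
    fired,
  };
}

// Run the pipeline end to end and return what each stage produced.
function runPipeline(lines = RAW_LINES) {
  const outbox = [];
  const tickets = [];
  const correlator = createCorrelator({
    threshold: 3,
    windowSeconds: 300,
    actions: [
      (hit) => outbox.push(`[${hit.rule}] ${hit.count} events from ${hit.srcIp} (user ${hit.user})`),
      (hit) => tickets.push({ summary: hit.rule, srcIp: hit.srcIp, status: "New" }),
    ],
  });
  const events = lines.map(parseLine).filter((e) => e !== null);
  for (const e of events) correlator.feed(e);
  return { events, fired: correlator.fired, outbox, tickets };
}

if (typeof module !== "undefined" && require.main === module) {
  console.log(JSON.stringify(runPipeline(), null, 2));
}
```

Run it with node to print the seven parsed events, the two rule hits and the actions they produced. Two points carry over to a real deployment: the unparseable last line is dropped by parseLine rather than passed on with guessed fields, and the brute-force rule fires once when the threshold is reached rather than on every further failure in the window, which matters before an action starts creating tickets or workflows.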
