Novell SENTINEL 6.1 SP2 - 02-2010 User Manual page 161

| Supported Products | Device Type | RV31 Value |
|---|---|---|
| ISS RealSecure Network | IDS | XForce |
| ISS RealSecure Server | IDS | XForce |
| ISS RealSecure Guard | IDS | XForce |
| Sourcefire* Snort*/Phalanx | IDS | Snort |
| Symantec* Network Security 4.0 (ManHunt*) | IDS | ManHunt |
| Symantec Intruder Alert | IDS | Intruder |
| McAfee* IntruShield* | IDS | IntruShield |
| TippingPoint* | IPS | TippingPoint |
| eEYE* Retina* | VULN | Retina |
| Foundstone* Foundscan* | VULN | Foundstone |
| ISS Database Scanner | VULN | XForce |
| ISS Internet Scanner | VULN | XForce |
| ISS System Scanner | VULN | XForce |
| ISS Wireless Scanner | VULN | XForce |
| Nessus* | VULN | Nessus |
| nCircle IP360* | VULN | nCircle IP360 |
| Qualys* QualysGuard* | VULN | QualysGuard |
| Cisco IOS Firewall | FW | Secure |

To enable exploit detection, the Sentinel Collectors must populate several variables as expected. Collectors built by Novell populate these variables by default.

- In intrusion detection system and vulnerability Collectors, the RV31 (DeviceName) variable in the event must be set to the value in the RV31 column in Table 8-1. This string is case sensitive.
- In the intrusion detection system Collector, the DIP (Destination or Target IP) must be populated with the IP address of the machine that is being attacked.
- In the intrusion detection system Collector, RT1 (DeviceAttackName) must be set to the attack name or attack code for that intrusion detection system.
- In the intrusion detection system and vulnerability Collectors, the RV39 (MSSPCustomerName) value must be populated. For a standard corporation, the value can be anything. For a Managed Security Service Provider (MSSP), the customer name should be set for the individual customer. For either type of company, the value in the intrusion detection system Collector must exactly match the value in the vulnerability Collector.

These values are used by the Mapping Service to populate the VULN field in the event. This value is used to evaluate the incoming events to determine whether a vulnerability is exploited or not. When the vulnerability field (VULN) equals 1, the asset or destination device is exploited. If the vulnerability field equals 0, the asset or destination device is not exploited.
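As an added example (not from the Novell manual or the product), the Python sketch below checks events against the four Collector requirements above before the VULN field is relied on. It assumes events are available as plain dicts keyed by tag name (RV31, DIP, RT1, RV39); the function names and the sample events are constructed for illustration.

```python
import ipaddress

# RV31 (DeviceName) strings from the table on this page; matching is case sensitive.
RV31_VALUES = {"XForce", "Snort", "ManHunt", "Intruder", "IntruShield", "TippingPoint",
               "Retina", "Foundstone", "Nessus", "nCircle IP360", "QualysGuard", "Secure"}
_BY_LOWER = {v.lower(): v for v in RV31_VALUES}


def check_event(event, collector):
    """Return a list of problems for one event; collector is 'ids' or 'vuln'.

    `event` is a plain dict keyed by tag name (an assumed representation).
    """
    problems = []
    rv31 = event.get("RV31") or ""
    if rv31 not in RV31_VALUES:
        # A case-insensitive hit means the Collector used the wrong capitalization.
        hint = _BY_LOWER.get(rv31.strip().lower())
        problems.append(f"RV31 {rv31!r} should be {hint!r}" if hint
                        else f"RV31 {rv31!r} is not a value from the table")
    if not event.get("RV39"):
        problems.append("RV39 (MSSPCustomerName) is empty")
    if collector == "ids":
        try:
            ipaddress.ip_address(event.get("DIP") or "")
        except ValueError:
            problems.append(f"DIP {event.get('DIP')!r} is not an IP address")
        if not event.get("RT1"):
            problems.append("RT1 (DeviceAttackName) is empty")
    return problems


def customer_mismatches(ids_events, vuln_events):
    """RV39 values seen in IDS events with no exact match in vulnerability events."""
    vuln_names = {e.get("RV39") for e in vuln_events}
    return sorted({e.get("RV39") for e in ids_events if e.get("RV39")} - vuln_names)


# Constructed sample events, not real Sentinel output.
IDS_EVENTS = [
    {"RV31": "Snort", "DIP": "10.0.0.5", "RT1": "1:2003:8", "RV39": "Acme"},
    {"RV31": "snort", "DIP": "", "RT1": "", "RV39": "acme"},
]
VULN_EVENTS = [{"RV31": "Nessus", "RV39": "Acme"}]

if __name__ == "__main__":
    for ev in IDS_EVENTS:
        print(ev["RV31"], check_event(ev, "ids"))
    print("unmatched customers:", customer_mismatches(IDS_EVENTS, VULN_EVENTS))
```

The second sample event fails three checks, and its lowercase customer name is reported as unmatched because the RV39 comparison is exact.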
Advisor Usage and Maintenance 161


This manual is also suitable for:

Sentinel 6.1 sp2
