1.1.2 Incidents
An incident is a set of events that require attention (for example, a possible attack). Incidents
centralize the data and typically comprise a correlated event, the associated events that triggered a
correlation rule, asset details of the affected systems, vulnerability state of the affected systems and
any remediation information, if known. Incidents can be associated with a remediation workflow in
iTRAC, if specified. An incident associated with an iTRAC workflow allows users to track the
remediation state of the incident.
In the Incidents tab, you can:
Manage incident views
View and manage incidents and their associated data
Switch between existing incident views
1.1.3 iTRAC
iTRAC's stateful incident remediation workflow capability allows you to incorporate your
organization's incident response processes into Sentinel.
In the iTRAC tab, you can:
Create custom workflow templates
Edit workflow templates
Create custom activities
Edit activities
Associate activities with workflow steps
Initiate and execute Processes
1.1.4 Analysis
The Analysis tab is the historical reporting interface for Sentinel. Reports are published on a Web
server and can be rendered in the Analysis tab or in an external browser. You can also run and save
an Offline Query so that its search results can be retrieved quickly later.
1.1.5 Advisor
Advisor is an optional module that provides real-time correlation between detected IDS attacks and
vulnerability scan output in order to immediately indicate increased risk to an organization.
In the Advisor tab, you can view the products that Novell supports for Advisor and also the status of
the last five Advisor feed files that have been processed or are being processed.
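The correlation idea described above, as an added illustration that is not Sentinel or Advisor code: an IDS event raises risk only when the targeted host is known to carry a vulnerability that the detected attack exploits. The feed layout, signature and vulnerability identifiers, addresses, and function names are all assumptions constructed for this example.

```python
from dataclasses import dataclass

# Constructed "feed": IDS signature -> vulnerabilities that attack exploits
# (assumed layout; placeholder identifiers, not real Advisor data).
ATTACK_TO_VULNS = {
    "SIG-1001": {"VULN-A"},
    "SIG-2002": {"VULN-B", "VULN-C"},
}

# Constructed vulnerability scan output: host -> open vulnerabilities.
SCAN_FINDINGS = {
    "192.0.2.5": {"VULN-A", "VULN-D"},
    "192.0.2.9": {"VULN-D"},
}

# Triage order: a host with no scan data is ranked above a host known to be
# safe, because missing data must not be read as "not vulnerable".
RANK = {"exploit-likely": 0, "target-not-scanned": 1,
        "unknown-signature": 2, "not-vulnerable": 3}

@dataclass(frozen=True)
class IdsEvent:
    signature: str
    target: str

def correlate(event, feed=ATTACK_TO_VULNS, findings=SCAN_FINDINGS):
    """Return (status, matched_vulnerabilities) for one IDS event."""
    exploited = feed.get(event.signature)
    if exploited is None:
        return ("unknown-signature", set())
    host_vulns = findings.get(event.target)
    if host_vulns is None:
        return ("target-not-scanned", set())
    matched = exploited & host_vulns
    if matched:
        return ("exploit-likely", matched)
    return ("not-vulnerable", set())

def triage(events):
    """Sort events so attacks against vulnerable hosts come first."""
    scored = [(e, *correlate(e)) for e in events]
    return sorted(scored, key=lambda row: RANK[row[1]])

if __name__ == "__main__":
    sample = [  # constructed IDS events
        IdsEvent("SIG-1001", "192.0.2.9"),
        IdsEvent("SIG-2002", "192.0.2.77"),
        IdsEvent("SIG-1001", "192.0.2.5"),
    ]
    for ev, status, vulns in triage(sample):
        print(ev.target, ev.signature, status, sorted(vulns))
```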
1.1.6 Admin
The Admin tab gives you access to the administrative actions and configuration settings
in Sentinel. In the Admin tab, you can:
Configure connection to Crystal Reports
Sentinel 6.1 User Guide