Novell SENTINEL 6.1 SP2 - 02-2010 User Manual page 324

For this manual step the variable yes is specified. Providing another value such as no or else
(no attack) will result in going to an email that will send an automatic email and complete the
process. Let say that initial assessment is that there is an attack, with the hacked variable equal
to yes, click Complete (to complete this step, not complete the process).
11 In the Work Items window, highlight the process and click View Details. The Collect Data step
should be highlighted in red. As before, this is a manual step.
12 Click the Process Details tab.
13 Again, the variable page displays. In the previous step of the iTRAC Process, Collect Data is a
step to further determine by analyzing the event(s) of interest if an attack has occurred. Let's
say that an attack has occurred. Leave the default value of yes. If this were a real attack, it will
be beneficial to add clear notes and/or attachments as to the information about this attack. Click
Complete.
14 In Work Items window, highlight the process and click View Details. The Prevent Future
Attacks step should be highlighted in red. As before, this is a manual step.
15 In this manual step, measures should be taken to harden the network to prevent future attacks.
When this is done, as before it will be beneficial to add clear notes and/or attachments as to the
information about this attack. Click Complete.
The next step is an automatic email step indicating that proper anti-attack measures have been
taken. The iTRAC Process will be removed from the Work Items window.
324 Sentinel 6.1 User Guide