Novell SENTINEL 6.1 SP2 - 02-2010 User Manual page 461

Figure A-14 Process Template
A worklist shows each user all of the tasks assigned to that user, and a process monitor provides real-time visibility into process status throughout the lifecycle of a resolution process.

iTRAC's activity framework enables users to customize automated or manual tasks for specific incident-resolution processes. The iTRAC process templates can be configured using the activity framework to match an organization's best practices. Activities are executed directly from the Sentinel Control Center.

iTRAC's automation framework relies on two key components:

Activity container: Automates the execution of activities for the specified set of steps, based on input rules.
Workflow container: Automates the execution of the workflow, based on activities, through a worklist.

The input rules are based on the XPDL (XML Processing Description Language) standard and provide a formal model for expressing executable processes in a business enterprise. This standards-based approach to implementing business-specific rules and rule sets ensures future-proofing of process definitions for customers.

The iTRAC system uses three Sentinel 6 objects that can be defined outside the iTRAC framework:

Incident: Incidents within Sentinel 6 are groups of events that represent an actionable security incident, together with associated state and meta-information. Incidents are created manually or through correlation rules, and can be associated with a workflow process. They can be viewed on the Incidents tab.
Activity: An Activity is a pre-defined automatic unit of work, with defined inputs, command-driven activity and outputs, such as automatic attachment of asset data to the incident or generation of an e-mail. Activities can be used within workflow templates, triggered by a correlation rule, or executed by a right-click when viewing events.