Incident Command Activity - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

Figure 6-3 Activity Pane
iTRAC activities can be used in iTRAC templates to define a workflow step, or they can be
manually executed from within an incident. Sentinel provides three types of actions that can be used
to build Activities:
Section 6.7.1, "Incident Command Activity," on page 150
Section 6.7.2, "Incident Internal Activity," on page 151
Section 6.7.3, "Eradication Activity," on page 151
Section 6.7.4, "Incident Composite Activity," on page 151
Section 6.7.5, "Creating iTRAC Activities," on page 151
Section 6.7.6, "Managing Activities," on page 154

6.7.1 Incident Command Activity

An incident command activity enables you to launch a specific command with or without
arguments. The following fields from the incident associated with the workflow process can be used
as input to the command:
DIP (Target IP)
DIP : Port
RT1 (DeviceAttackName)
SIP (Initiator IP)
SIP : Port
Text (incident information in name value pair format)
NOTE: The command must be stored in the <Install_directory>\config\exec directory on
the iTRAC workflow server, usually the same machine where the Data Access Server (DAS) is
installed.
150 Sentinel 6.1 Rapid Deployment User Guide
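The incident fields listed above come from event data, so a command placed in the exec directory should validate them before acting on them. The following is an added example, not code from the Sentinel manual or from Novell. It assumes the activity passes DIP, DIP:Port, SIP, SIP:Port and RT1 as positional arguments in that order and that the port fields arrive as a single "IP:Port" string; the manual page defines neither, and the Text field is left out because its exact format is not given.

```python
import ipaddress
import re
import sys

# Assumed calling convention (not defined on this manual page): the activity
# passes DIP, DIP:Port, SIP, SIP:Port and RT1 as positional arguments.
FIELD_ORDER = ("dip", "dip_port", "sip", "sip_port", "rt1")
_UNSAFE = re.compile(r"[^A-Za-z0-9 _.-]")


def parse_ip(value):
    """Return the normalized address, or raise ValueError if it is not an IP."""
    return str(ipaddress.ip_address(value.strip()))


def parse_ip_port(value):
    """Split 'IP:Port' on the last colon and validate both halves."""
    host, sep, port = value.strip().rpartition(":")
    if not sep or not (port.isascii() and port.isdigit()):
        raise ValueError("expected IP:Port, got %r" % value)
    number = int(port)
    if not 0 < number <= 65535:
        raise ValueError("port out of range: %d" % number)
    return parse_ip(host), number


def clean_label(value, limit=128):
    """RT1 originates from device events: keep an allowlist of characters only."""
    return _UNSAFE.sub("_", value)[:limit]


def validate_args(argv):
    """Map positional arguments to validated incident fields."""
    if len(argv) != len(FIELD_ORDER):
        raise ValueError("expected %d arguments, got %d" % (len(FIELD_ORDER), len(argv)))
    raw = dict(zip(FIELD_ORDER, argv))
    return {
        "dip": parse_ip(raw["dip"]),
        "dip_port": parse_ip_port(raw["dip_port"]),
        "sip": parse_ip(raw["sip"]),
        "sip_port": parse_ip_port(raw["sip_port"]),
        "rt1": clean_label(raw["rt1"]),
    }


if __name__ == "__main__":
    try:
        fields = validate_args(sys.argv[1:])
    except ValueError as err:
        sys.exit("rejected incident input: %s" % err)  # fail closed, run nothing
    print(fields)  # pass validated values to later steps as list arguments, never via a shell
```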
