Table of Contents
Advertisement
6.7.2 Incident Internal Activity
An incident internal activity enables you to mail or attach information from the Sentinel database to
the incident associated with the workflow process. Each of these options has a prerequisite.
Vulnerability for the Initiator IP address (SIP) or the Target IP address (DIP): This
requires that you run a vulnerability scanner and bring the results of the scan into Sentinel by
using a Vulnerability (or "information") Collector.
Advisor attack-related data: This requires the purchase and installation of the optional
Advisor data subscription service.
Asset data This requires that you run an asset management tool such as NMAP and bring the
results into Sentinel by using an Asset Collector.
To send mail messages from within the Sentinel Control Center, you must have an SMTP Integrator
that is configured with connection information and with the SentinelDefaultEMailServer property
set to true.
6.7.3 Eradication Activity
The eradication activity is used to run the
the IP-to-Physical address translation tables used by the Address Resolution Protocol (ARP).
The
command displays the current ARP entries by interrogating the current protocol data. If
arp -a
option is specified, the IP and physical addresses for only the specified computer are
inet_addr
displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
6.7.4 Incident Composite Activity
An incident composite activity enables combine one or more existing command and internal
activities.
6.7.5 Creating iTRAC Activities
1 Click the iTRAC tab.
2 In the Navigator, click iTRAC Administration > Activity Manager or click the Add button in the
Activity pane.
3 Select an existing activity and click the
4 Select an activity type: Command, Internal, or Composite.
5 Provide a name and description for this activity. Click Next.
command. The
arp
arp
button. The Activity Wizard window displays.
Add
command displays and modifies
iTRAC Workflows 151
Advertisement
Table of Contents
