Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual page 250

is linked to a physical asset. The primary automated update mechanism for asset data is through an
asset Collector reading data from a scanner such as Nmap. The asset Collector automates the
retrieval of asset information by reading asset data from the scanner and populating the asset schema
tables with this data. For Event Mapping, asset information is mapped from the destination IP and
source IP.
There are two types of data sources:
External: A Collector populates the value in the event tag.
Referenced from Map: Data is retrieved from a map to populate the tag.
Figure 10-15: Data Sources

In the above illustration, the SourceAssetName tag is populated from the map called Asset (which has asset.csv as its map data source file). The specific value for SourceAssetName is taken from the AssetName column of the Asset map. The PhysicalAsssetName column is set as the key. When the InitIP tag of the event matches one of the source IP values in the PhysicalAsssetName column of the map, the row with the matching key is used to intersect the AssetName column. For instance, in the following example the IP corresponds to AssetName Finance35.

NOTE: When a column is set as a key, it does not appear in the Column drop-down field.

Figure 10-16: Physical Asset Name Corresponds to the Asset Name

You can have more than one column set as a key if you do not want the map to be a range map (range maps can only have one key column, with that column type set to NumberRange). For instance (with the column type set to String), the AttackId tag has the DeviceName (name of the security device) and DeviceAttackName columns set as keys and uses the NormalizedAttackID column in the AttackNormalization map for its value. In a row where the DeviceName event tag matches the data in the Device map column and the DeviceAttackName matches the data in the AttackSignature map column, the value for AttackId is the value in the NormalizedAttackID column. The configuration for Event Mapping just described is as follows:
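The lookups described above (a single-key map such as Asset, a composite-key map such as AttackNormalization, and a one-key NumberRange map) are easiest to follow in code. The following is an added example and is not Sentinel's own implementation: the map files, the PortRange map, the IP addresses and the event values are all constructed for illustration, and the class and function names are the example's own.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample map files (not taken from the manual): one key column
# (or two, for the composite key) plus the value columns.
ASSET_CSV = """PhysicalAsssetName,AssetName,Owner
10.0.0.35,Finance35,finance-team
10.0.0.36,Finance36,finance-team
"""
ATTACK_NORMALIZATION_CSV = """Device,AttackSignature,NormalizedAttackID
Snort,WEB-IIS cmd.exe access,1001
ISS,HTTP_IIS_Cmd,1001
"""
# Hypothetical NumberRange map: its single key column holds "low-high" ranges.
PORT_RANGE_CSV = """PortRange,ServiceClass
1-1023,privileged
1024-65535,ephemeral
"""


@dataclass
class EventMap:
    """A map data source: rows read from a CSV file plus the columns set as keys."""
    name: str
    rows: list
    key_columns: tuple
    range_key: bool = False  # True for a NumberRange map (exactly one key column)

    @classmethod
    def from_csv(cls, name, text, key_columns, range_key=False):
        if range_key and len(key_columns) != 1:
            raise ValueError("a range map can only have one key column")
        rows = list(csv.DictReader(io.StringIO(text)))
        missing = [c for c in key_columns if rows and c not in rows[0]]
        if missing:
            raise ValueError(f"unknown key column(s) {missing} in map {name}")
        return cls(name, rows, tuple(key_columns), range_key)

    def value_columns(self):
        # As in the NOTE above: a column set as a key is not offered as a value column.
        columns = list(self.rows[0].keys()) if self.rows else []
        return [c for c in columns if c not in self.key_columns]

    def lookup(self, key_values, column):
        """Return `column` from the first row whose key column(s) match, else None."""
        if column in self.key_columns:
            raise ValueError(f"{column} is a key column of map {self.name}")
        for row in self.rows:
            if self._matches(row, key_values):
                return row[column]
        return None

    def _matches(self, row, key_values):
        if self.range_key:
            low, high = (int(x) for x in row[self.key_columns[0]].split("-"))
            return low <= int(key_values[0]) <= high
        # String keys: every key column must equal its event tag (row intersection).
        return all(row[c] == v for c, v in zip(self.key_columns, key_values))


@dataclass
class MapReference:
    """A 'Referenced from Map' data source for one event tag."""
    tag: str          # event tag to populate, e.g. SourceAssetName
    source: EventMap
    key_tags: tuple   # event tags compared with the map's key columns, in order
    column: str       # map column whose value is copied into `tag`


ASSET_MAP = EventMap.from_csv("Asset", ASSET_CSV, ["PhysicalAsssetName"])
ATTACK_MAP = EventMap.from_csv("AttackNormalization", ATTACK_NORMALIZATION_CSV,
                               ["Device", "AttackSignature"])
PORT_MAP = EventMap.from_csv("PortRange", PORT_RANGE_CSV, ["PortRange"], range_key=True)

REFERENCES = [
    MapReference("SourceAssetName", ASSET_MAP, ("InitIP",), "AssetName"),
    MapReference("AttackId", ATTACK_MAP, ("DeviceName", "DeviceAttackName"),
                 "NormalizedAttackID"),
    MapReference("ServiceClass", PORT_MAP, ("DestinationPort",), "ServiceClass"),
]


def apply_event_mapping(event, references=REFERENCES):
    """Populate map-referenced tags on a copy of `event`; unmatched keys leave a tag unset."""
    out = dict(event)
    for ref in references:
        key_values = tuple(out.get(t) for t in ref.key_tags)
        if any(v is None for v in key_values):
            continue  # the Collector did not supply every tag the key needs
        value = ref.source.lookup(key_values, ref.column)
        if value is not None:
            out[ref.tag] = value
    return out


# Constructed event as a Collector would emit it ("External" data source tags only).
SAMPLE_EVENT = {
    "InitIP": "10.0.0.35",
    "DeviceName": "Snort",
    "DeviceAttackName": "WEB-IIS cmd.exe access",
    "DestinationPort": "443",
}

if __name__ == "__main__":
    for tag, value in apply_event_mapping(SAMPLE_EVENT).items():
        print(f"{tag} = {value}")
```

Running the block maps InitIP 10.0.0.35 to SourceAssetName Finance35 through the single key, fills AttackId only when both DeviceName and DeviceAttackName match a row of the composite-key map, and resolves DestinationPort against the NumberRange key. Events whose tags match no row keep the tag unset, which is the behaviour to watch for when a map file is stale or its key column is mistyped.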
250 Sentinel 6.1 Rapid Deployment User Guide
