Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual page 372

| Label | Populated by which Column from IdentityAccount Map | Map Key Field : Event Label |
|---|---|---|
| InitUserDepartment | Department | Account Name : InitUserName; Authority : InitUserDomain; Customer Name : MSSPCustomerName |
| InitUserFullName | Full Name | Account Name : InitUserName; Authority : InitUserDomain; Customer Name : MSSPCustomerName |
| InitUserIdentity | Identity GUID | Account Name : InitUserName; Authority : InitUserDomain; Customer Name : MSSPCustomerName |
| TargetUserDepartment | Department | Account Name : TargetUserName; Authority : TargetUserDomain; Customer Name : MSSPCustomerName |
| TargetUserFullName | Full Name | Account Name : TargetUserName; Authority : TargetUserDomain; Customer Name : MSSPCustomerName |
| TargetUserIdentity | Identity GUID | Account Name : TargetUserName; Authority : TargetUserDomain; Customer Name : MSSPCustomerName |

NOTE: To find a match, the event fields and map key fields must match exactly. This might require
modifications to existing Collectors to "identity enable" them to parse or concatenate data to make
these fields match the data from the Identity Vault.

Once added to the event by the mapping service, these fields are used by correlation rules,
remediation actions, and reports in the Identity Tracking Solution Pack. In addition to using the
content included in the Solution Pack, users can also perform the following actions:

- Create correlation rules based on identity in addition to account name. This allows you to look
  for similar events from a single user, which provides a more comprehensive view than looking
  at events from a single account.
- Create reports that show identity, including all accounts associated with a user.
- Use the Identity Browser to get more information about users and their activity.

NOTE: For other identity systems, similar integration can be achieved by writing an identity
synchronization Collector that uses the Identity API.

372 Sentinel 6.1 Rapid Deployment User Guide
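
The exact-match requirement and the identity-based correlation described above, shown as an added example (not from the Novell manual and not Sentinel code): a small Python model of the IdentityAccount map lookup. The event labels come from the table; the account names, GUID, and the normalize() helper are constructed assumptions.

```python
# Added illustration; not Sentinel code. Field labels come from the table,
# all account and identity values are constructed.
from collections import defaultdict

# IdentityAccount map: key (Account Name, Authority, Customer Name)
# -> columns (Department, Full Name, Identity GUID).
IDENTITY_ACCOUNT_MAP = {
    ("jdoe", "CORP", "Acme"): ("Finance", "Jane Doe", "guid-0001"),
    ("jane.doe", "LDAP-HR", "Acme"): ("Finance", "Jane Doe", "guid-0001"),
}

def enrich(event):
    """Return a copy of event with identity fields added on an exact key match."""
    out = dict(event)
    for side in ("InitUser", "TargetUser"):
        key = (event.get(side + "Name"), event.get(side + "Domain"),
               event.get("MSSPCustomerName"))
        row = IDENTITY_ACCOUNT_MAP.get(key)  # exact, case-sensitive lookup
        if row:
            (out[side + "Department"], out[side + "FullName"],
             out[side + "Identity"]) = row
    return out

def normalize(event):
    """Hypothetical Collector-side fix: split 'CORP\\jdoe' into domain and name."""
    out = dict(event)
    for side in ("InitUser", "TargetUser"):
        name = out.get(side + "Name") or ""
        if "\\" in name:
            out[side + "Domain"], out[side + "Name"] = name.split("\\", 1)
    return out

def events_by_identity(events):
    """Count events per initiating identity, falling back to the account name."""
    counts = defaultdict(int)
    for ev in events:
        who = ev.get("InitUserIdentity") or "account:" + str(ev.get("InitUserName"))
        counts[who] += 1
    return dict(counts)

# Constructed events: two accounts of one person, plus one unparsed name.
EVENTS = [
    {"InitUserName": "jdoe", "InitUserDomain": "CORP", "MSSPCustomerName": "Acme"},
    {"InitUserName": "jane.doe", "InitUserDomain": "LDAP-HR", "MSSPCustomerName": "Acme"},
    {"InitUserName": "CORP\\jdoe", "InitUserDomain": None, "MSSPCustomerName": "Acme"},
]
```

Without normalization the third event is counted under its raw account name instead of the identity, which is the gap an "identity enabled" Collector closes.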
