Advisor Usage And Maintenance; Understanding Advisor - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

17 Advisor Usage and Maintenance

Advisor is an optional data subscription service that provides device-level correlation between
real-time events from intrusion detection and prevention systems and enterprise vulnerability scan
results. By providing normalized attack information, Advisor acts as an early warning service to
detect attacks against vulnerable systems. It also provides associated remediation information.
Section 17.1, "Understanding Advisor"
Section 17.2, "Installing Advisor"
Section 17.3, "Viewing Advisor Data"
Section 17.4, "Maintaining Advisor"

17.1 Understanding Advisor

The Advisor data feed is updated on a regular basis as new attacks and vulnerabilities are reported. It
contains two types of data:
Alert Data: Information relating to known security vulnerabilities and threats
Attack Data: Normalization of intrusion detection signatures and vulnerability scanning plug-ins
The supported systems are listed below with their associated device type (IDS for intrusion
detection system, VULN for vulnerability scanners, and FW for firewall).
Table 17-1 Supported Systems and Their Associated Device Type

| Supported Systems | Device Type | RV31 Value |
|---|---|---|
| Cisco* Secure IDS | IDS | Secure |
| Enterasys* Dragon* Host Sensor | IDS | Dragon |
| Enterasys Dragon Network Sensor | IDS | Dragon Network |
| Intrusion.com (SecureNet_Provider) | IDS | SecureNet_Provider |
| ISS BlackICE PC Protection | IDS | BlackICE |
| ISS RealSecure* Desktop | IDS | RealSecure Desktop |
| ISS RealSecure Network | IDS | RealSecure |
| ISS RealSecure Server | IDS | RealSecure Server |
| ISS RealSecure Guard | IDS | RealSecure Guard |
| Sourcefire* Snort*/Phalanx | IDS | Snort |
| Symantec* Network Security 4.0 (ManHunt) | IDS | ManHunt |