Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual page 380

Supported Systems
Symantec Intruder Alert
McAfee* IntruShield*
eEYE* Retina*
Foundstone* Foundscan*
ISS Database Scanner
ISS Internet Scanner
ISS System Scanner
ISS Wireless Scanner
Nessus*
nCircle IP360*
Qualys*QualysGuard*
Cisco IOS Firewall
The Advisor service and its corresponding Exploit Detection feature depend on mappings between
attacks against enterprise assets combined with known vulnerabilities on those assets. Three
separate feeds of information are required to ensure that this system works correctly. In order for
Advisor and Exploit Detection to work with your specific mix of local products, the products in
question must be supported by all three feeds.
Vulnerability scan data: Vulnerability scanners check enterprise assets for known
vulnerabilities; these scans can then be loaded into the Sentinel database to serve as
referential information. Sentinel supports a number of popular vulnerability scanners on the
market, but it is also possible to write your own Collectors for new sources.
Advisor mapping feed: The Advisor feed contains information about known threats,
including attacks and vulnerabilities. This third-party service gathers information from a
variety of vulnerability and intrusion detection vendors, and creates the mappings between
abstract vulnerabilities and attacks. The Advisor service currently supports several popular
products; if there is sufficient market demand, new products can be added.
Real-time attacks: Intrusion detection systems report real-time attacks against enterprise
assets, but typically can't tell what happened when the attack reached its target. Sentinel
supports a number of popular intrusion detection systems, but it is also possible to write your
own Collectors for new sources.
The Exploit Detection feature depends on several specific features being present in the various
data feeds.
Both vulnerability scanners and the intrusion detection systems must report vulnerabilities and
attacks against the same set of systems. In Sentinel, systems are identified by their IP addresses
and their MSSP Customer Name. The MSSP Customer Name is a namespace identifier that
helps prevent overlapping IP ranges from matching incorrectly.
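
An added illustration (not Sentinel or Novell code) of the correlation described above: an attack is tied to a vulnerability only when the mapping feed links the two and both refer to the same system, identified by customer namespace plus IP address. All field names, product pairings, signature IDs and vulnerability IDs below are constructed for the example.

```python
from collections import defaultdict

# Constructed sample data. Field names and IDs are hypothetical, not Sentinel's schema.
# Feed 1: vulnerability scan results per asset.
SCANS = [
    {"customer": "AcmeCorp", "ip": "10.0.0.5", "scanner": "Nessus", "vuln": "VULN-A"},
    {"customer": "Globex", "ip": "10.0.0.5", "scanner": "Nessus", "vuln": "VULN-B"},
]
# Feed 2: mapping of (IDS product, attack signature) -> {(scanner, vulnerability)}.
ADVISOR = {
    ("IntruShield", "SIG-100"): {("Nessus", "VULN-A")},
    ("IntruShield", "SIG-200"): {("Nessus", "VULN-B")},
}
# Feed 3: real-time attack events reported by an IDS.
ATTACKS = [
    {"customer": "AcmeCorp", "ip": "10.0.0.5", "ids": "IntruShield", "sig": "SIG-100"},
    {"customer": "Globex", "ip": "10.0.0.5", "ids": "IntruShield", "sig": "SIG-100"},
    {"customer": "Globex", "ip": "10.0.0.5", "ids": "OtherIDS", "sig": "SIG-200"},
]


def asset_key(record, use_namespace):
    """Identify a system by (customer, IP), or by IP alone for comparison."""
    return (record["customer"], record["ip"]) if use_namespace else (record["ip"],)


def index_scans(scans, use_namespace=True):
    """Group known vulnerabilities by asset key."""
    index = defaultdict(set)
    for scan in scans:
        index[asset_key(scan, use_namespace)].add((scan["scanner"], scan["vuln"]))
    return index


def exploited_vulns(attack, scans, advisor, use_namespace=True):
    """Vulnerabilities on the attacked asset that the mapping ties to this attack."""
    mapped = advisor.get((attack["ids"], attack["sig"]), set())
    present = index_scans(scans, use_namespace).get(asset_key(attack, use_namespace), set())
    return sorted(mapped & present)


if __name__ == "__main__":
    for attack in ATTACKS:
        print(attack["customer"], attack["ids"], attack["sig"],
              "namespaced:", exploited_vulns(attack, SCANS, ADVISOR),
              "ip-only:", exploited_vulns(attack, SCANS, ADVISOR, use_namespace=False))
```

The second attack shows why the namespace matters: matched on IP alone, it is wrongly tied to a vulnerability that exists only on the other customer's host at the same address. The third shows that an IDS product absent from the mapping feed never produces a match.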
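| Supported Systems | Device Type | RV31 Value |
|---|---|---|
| Symantec Intruder Alert | IDS | Intruder |
| McAfee* IntruShield* | IDS | IntruShield |
| eEYE* Retina* | VULN | Retina |
| Foundstone* Foundscan* | VULN | Foundstone |
| ISS Database Scanner | VULN | Database Scanner |
| ISS Internet Scanner | VULN | Internet Scanner |
| ISS System Scanner | VULN | System Scanner |
| ISS Wireless Scanner | VULN | Wireless Scanner |
| Nessus* | VULN | Nessus |
| nCircle IP360* | VULN | nCircle IP360 |
| Qualys* QualysGuard* | VULN | QualysGuard |
| Cisco IOS Firewall | FW | Cisco IOS |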