Installing Advisor; Viewing Advisor Data; Using Menu Options To View Data; Maintaining Advisor - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

The vulnerability scanner and intrusion detection system must be supported by the Advisor
service. All three use specific product identifiers to ensure proper matching.
The specific reported attacks and vulnerabilities must be known to the Advisor service and
Exploit Detection. The Advisor service is updated every 6 hours based on updates from the
various security device vendors.
All Collectors shipped by Novell® meet the above requirements, as long as they are declared as
being supported by Advisor. If you want to write your own vulnerability or intrusion detection
Collector, or plan to modify one of our shipping Collectors, refer to the Sentinel Plug-in SDK
(http://developer.novell.com/wiki/index.php?title=Develop_to_Sentinel) for specific information about
which event and vulnerability fields must be filled in to support this service.

17.2 Installing Advisor

Advisor installation is explained in the Sentinel installation guide: see "Advisor
Configuration" in the Sentinel 6.1 Rapid Deployment Installation Guide. The initial Advisor
data is by default loaded with the Sentinel 6.1 Rapid Deployment installer. However, you need
an additional Advisor license to receive the Advisor updates. For more information, see
"Advisor Configuration" in the Sentinel 6.1 Rapid Deployment Installation Guide.

17.3 Viewing Advisor Data

Advisor data can be viewed by right-clicking on an event with an attack signature.

17.3.1 Using Menu Options to View Data

1 Use the following options to view Advisor data:
    Click the Active Views tab.
    Click the Incidents tab. The associated events display in the Events tab.
    Click the Analysis tab, click Offline Query, select a Query, then click Browse.
    The Event grid displays in the Active Browser.
2 Right-click an event or a set of events from the Event Grid.
3 From the right-click menu options, select Analyze > Advisor data.
    A new window with Advisor data displays.

The right-click function is not fully operational until the first download of Advisor data has been
fully loaded into the database.
You can analyze Advisor data only if the selected events are from an intrusion detection system
(IDS) supported by Advisor.
Data in the Advisor database must be up-to-date for accurate results.

17.4 Maintaining Advisor

Section 17.4.1, "Updating Data in Advisor Tables"
Section 17.4.2, "Changing the Advisor E-Mail Configuration"
Section 17.4.3, "Changing the Scheduled Data Update Time"