Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual page 390

Streaming Maps
The Map Service employs a dynamic update model and streams the maps from one point to another,
avoiding the buildup of large static maps in dynamic memory. The value of this streaming capability
is particularly relevant in a mission-critical real-time system such as Sentinel where there must be a
steady, predictive, and agile movement of data independent of any transient load on the system.
Exploit Detection
Sentinel provides the ability to cross-reference event data signatures with vulnerability scanner
data.You are notified automatically and immediately when an attack is attempting to exploit a
vulnerable system. This is accomplished through:
The Advisor feed
Intrusion detection
Vulnerability scanning
The firewall
Advisor provides a cross-reference between event data signatures and vulnerability scanner data.
The Advisor feed has both an alert feed and an attack feed. The alert feed contains information about
vulnerabilities and threats. The attack feed is a normalization of event signatures and vulnerability
plug-ins.
The supported systems are:
Intrusion Detections Systems
Cisco Secure IDS
Enterasys Dragon Host Sensor
Enterasys Dragon Network Sensor
Intrusion.com (SecureNet_Provider)
ISS BlackICE
ISS RealSecure Desktop
ISS RealSecure Network
ISS RealSecure Server
ISS RealSecure Guard
Snort
Symantec Network Security 4.0 (ManHunt)
Symantec Intruder Alert
McAfee IntruShield
Vulnerability Scanners
eEYE Retina
Foundstone Foundscan
ISS Database Scanner
ISS Internet Scanner
ISS System Scanner
390 Sentinel 6.1 Rapid Deployment User Guide