Analysis; Admin; Correlation; Event Source Management - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

Associate activities with workflow steps
Initiate and execute processes

2.2.4 Analysis

The Analysis tab is used to run and save an offline query for later quick retrieval of search results.

2.2.5 Admin

The Admin tab gives you access to administrative actions and configuration settings
in Sentinel. In the Admin tab, you can:
Create and modify filters
Use filters to format data
Use filters to determine event routing
View system statistics about the Data Access Service
Start and stop system components
Configure Sentinel event fields
Configure the mapping service
Create new options for right-click event menus
Aggregate data for reporting
Create users and assign them to roles for workflows
Manage user sessions

2.2.6 Correlation

The Correlation tab provides an interface to create and deploy rules to detect suspicious or
malicious patterns of events.
In the Correlation tab, you can:
Create and edit rules
Deploy/undeploy rules
Add an action and associate it to a rule
Configure dynamic lists

2.2.7 Event Source Management

The Event Source Management (ESM) interface is available through the Sentinel Control Center
menu. It allows you to manage and monitor connections between Sentinel and its event sources by
using Sentinel Connectors and Sentinel Collectors.
In the ESM, you can:
Import/export Connectors and Collectors from and to the centralized repository available in ESM
Sentinel 6.1 Rapid Deployment User Guide
