Sentinel 6.1 Reference Guide

| Default Label | Filters and Correlation Rules | Menu and Correlation Actions | Proprietary Collector Language | Data Type | Description |
|---|---|---|---|---|---|
| DeviceName | e.rv31 | %rv31% | s_RV31 | string | Name of the device generating the event. If this device is supported by Advisor, the name should match the name known by Advisor. Used in Exploit Detection. |
| DeviceCategory | e.rv32 | %rv32% | s_RV32 | string | Device category (FW, IDS, AV, OS, DB). |
| EventContext | e.rv33 | %rv33% | s_RV33 | string | Event context (threat level). |
| InitThreatLevel | e.rv34 | %rv34% | s_RV34 | string | Initiator threat level. |
| InitUserDomain | e.rv35 | %rv35% | s_RV35 | string | Domain (namespace) in which the initiating account exists. |
| DataContext | e.rv36 | %rv36% | s_RV36 | string | Data context. |
| InitFunction | e.rv37 | %rv37% | s_RV37 | string | Initiator function. |
| InitOperationalContext | e.rv38 | %rv38% | s_RV38 | string | Initiator operational context. |
| MSSPCustomerName | e.rv39 | %rv39% | s_RV39 | string | MSSP customer name. |
| VendorEventCode | e.rv40 | %rv40% | s_RV40 | string | Event code reported by device vendor. |
| TargetHostDomain | e.rv41 | %rv41% | s_RV41 | string | Domain portion of the target system's fully-qualified hostname. |
| InitDomain | e.rv42 | %rv42% | s_RV42 | string | Domain portion of the initiating system's fully-qualified hostname. |
| ReservedVar43 | e.rv43 | %rv43% | s_RV43 | string | Reserved by Novell for expansion. |
| TargetThreatLevel | e.rv44 | %rv44% | s_RV44 | string | Target threat level. |
| TargetUserDomain | e.rv45 | %rv45% | s_RV45 | string | Domain (namespace) in which the target account exists. |
| VirusStatus | e.rv46 | %rv46% | s_RV46 | string | Virus status. |
| TargetFunction | e.rv47 | %rv47% | s_RV47 | string | Target function. |
| TargetOperationalContext | e.rv48 | %rv48% | s_RV48 | string | Target operational context. |
| TaxonomyLevel4 | e.rv53 | %rv53% | s_RV53 | string | Sentinel event code categorization - level 4. |