Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 Sentinel 6.1 Rapid Deployment Event Fields
Event Field Labels and Tags .......... 11
1.1.1 Free-Form Filters and Correlation Rules ...
Please use the User Comments feature at the bottom of each page of the online documentation and enter your comments there.
Additional Documentation
Sentinel technical documentation is broken down into several different volumes. They are:
Novell Sentinel 6.1 RD Installation Guide (http://www.novell.com/documentation/sentinel61rd/s61rd_install/data/index.html)
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path. A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single path name can be written with a backslash for some platforms or a forward slash for other platforms, the path name is presented with forward slashes to reflect the Linux* convention.
WARNING: Changing the default label for variables other than Customer Variables may cause confusion when working with Novell Technical Services or other parties who are familiar with the default names. In addition, JavaScript Collectors built by Novell refer to the default labels described in this chapter and are not automatically updated to refer to new labels.
Each field is associated with a specific data type, which corresponds to the data type in the database:
string: limited to 255 characters (unless otherwise specified)
integer: 32-bit signed integer
UUID: 36 character (with hyphens) or 32 character (without hyphens) hexadecimal string in the format XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (for example, 6A5349DA-7CBF-1028-9795-000BCDFFF482)
date: Collector Variable must be set with date as number of milliseconds from January 1, 1970...
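The following is an added example, not Novell's code, that checks a Collector variable against the four data types listed above before it is handed to the database: string length, 32-bit signed integer range, both UUID spellings (normalised to the hyphenated form), and a date given as milliseconds since January 1, 1970. The field names and sample values in the demo are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Added example (not Novell's code): validate Collector variables against the
# data types the guide lists. Field names and sample values are constructed.
UUID_HYPHENATED = re.compile(
    r"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$")
UUID_PLAIN = re.compile(r"^[0-9A-Fa-f]{32}$")
INT32_MIN, INT32_MAX = -(2 ** 31), 2 ** 31 - 1


def normalize_uuid(value: str) -> str:
    """Accept the 36-char (hyphenated) or 32-char (plain hex) form and return
    the canonical upper-case hyphenated form."""
    if UUID_HYPHENATED.match(value):
        return value.upper()
    if UUID_PLAIN.match(value):
        v = value.upper()
        return f"{v[:8]}-{v[8:12]}-{v[12:16]}-{v[16:20]}-{v[20:]}"
    raise ValueError(f"not a UUID: {value!r}")


def validate_field(dtype: str, value, max_len: int = 255):
    """Return the value in the shape the database column expects, or raise
    ValueError. dtype is one of 'string', 'integer', 'UUID', 'date'."""
    if dtype == "string":
        s = str(value)
        if len(s) > max_len:
            raise ValueError(f"string exceeds {max_len} characters")
        return s
    if dtype == "integer":
        i = int(value)
        if not INT32_MIN <= i <= INT32_MAX:
            raise ValueError(f"{i} does not fit a 32-bit signed integer")
        return i
    if dtype == "UUID":
        return normalize_uuid(str(value))
    if dtype == "date":
        # Collector date variables carry milliseconds since 1970-01-01 UTC.
        ms = int(value)
        return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)
    raise ValueError(f"unknown data type {dtype!r}")


def validate_event(fields: dict, types: dict) -> dict:
    """Validate every field of an event against its declared type, collecting
    all problems rather than stopping at the first one."""
    clean, errors = {}, {}
    for name, value in fields.items():
        try:
            clean[name] = validate_field(types[name], value)
        except (ValueError, KeyError) as exc:
            errors[name] = str(exc)
    return {"fields": clean, "errors": errors}


if __name__ == "__main__":
    # Constructed sample: rv21 is the CollectorManagerId UUID from Table 1-1;
    # "dt" and "cv101" are assumed field names used only for this demo.
    types = {"rv21": "UUID", "sun": "string", "dt": "date", "cv101": "integer"}
    event = {"rv21": "6A5349DA7CBF10289795000BCDFFF482", "sun": "jsmith",
             "dt": 0, "cv101": 2 ** 31}
    print(validate_event(event, types))
```

Collecting every error in one pass, rather than raising on the first, is what a Collector author wants when debugging a parser: one run shows every field that would be rejected or silently truncated at the 255-character limit.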
Figure 1-2 Filter Wizard displaying labels in drop-down and free-form language
The representation of fields in the free-form RuleLG language is usually prefaced by “e.”; for example, “e.InitUserName” or “e.sun” can refer to the Initiator User Name for the incoming or current event.
Figure 1-3 Configuration Action - Select Event Attributes window
When you type the label or short tag for a field to be used in an action, the name can be enclosed in percent signs (%tag%) or dollar signs ($tag$). For example:
%sun% in a correlation action refers to the value of InitUser in the correlated event
$sun$ in a correlation action refers to the value of InitUser in the current, “trigger”...
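As an added example (not Novell's code), the following expands an action string the way the paragraph above describes: %tag% placeholders are filled from the correlated event and $tag$ placeholders from the current, trigger event. The label-to-short-tag map contains only InitUserName, which the guide maps to sun; the two events and the action template are constructed.

```python
import re

# Added example (not Novell's code): expand %tag% (correlated event) and
# $tag$ (trigger event) placeholders in a correlation action string.

# Assumed label-to-short-tag map; only the entry needed for this demo is listed.
LABEL_TO_TAG = {"InitUserName": "sun"}

PLACEHOLDER = re.compile(r"%([A-Za-z0-9_]+)%|\$([A-Za-z0-9_]+)\$")


def resolve(event: dict, name: str) -> str:
    """Look a field up by its label or its short tag; fail loudly on typos
    instead of writing an empty string into an alert or ticket."""
    tag = LABEL_TO_TAG.get(name, name)
    if tag not in event:
        raise KeyError(f"event has no field for {name!r}")
    return str(event[tag])


def expand_action(template: str, correlated: dict, trigger: dict) -> str:
    def repl(match):
        if match.group(1) is not None:          # %tag% -> correlated event
            return resolve(correlated, match.group(1))
        return resolve(trigger, match.group(2))  # $tag$ -> trigger event
    return PLACEHOLDER.sub(repl, template)


if __name__ == "__main__":
    correlated = {"sun": "jsmith", "sip": "10.0.0.5"}   # constructed
    trigger = {"sun": "svc-backup", "sip": "10.0.0.9"}  # constructed
    print(expand_action(
        "Correlated %InitUserName% (%sip%) followed by $sun$ ($sip$)",
        correlated, trigger))
```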
Figure 1-4
1.1.3 Proprietary Collectors
Proprietary Collectors, written in Novell’s own language, always use variables based on the short tag to refer to event fields. The short tag name must be prefaced by a letter and underscore, where the letter indicates the data type for the field (i_ for integer, s_ for string).
Table 1-1 Labels and Meta-tags used in Sentinel Control Center and proprietary Collector language
Default Label | Filters and Correlation Rules | Menu and Correlation Actions | Proprietary Collector Language | Data Type | Description
DeviceEventTimeString | e.et | %et% | s_ET | string | The normalized date and time of the event, as reported by the sensor.
CollectorScript | e.agent | %agent% | | string | The name of the Collector Script used by the Collector to generate this event.
Resource | e.res | %res% | s_Res | string | Compliance monitoring hierarchy level 1
SubResource | e.sres | ...
Device specific attack name that matches attack name known by Advisor. Used in Exploit Detection. e.rt2 %rt2% s_RT2 string Reserved by Novell for expansion. Ct1 thru Ct2 e.ct1 thru %ct1% s_CT1 string Reserved for use by e.ct2 thru...
CollectorManagerId | e.rv21 | %rv21% | s_RV21 | UUID | Unique identifier for the Collector Manager which generated this event.
CollectorId | e.rv22 | %rv22% | s_RV22 | UUID | Unique identifier for the Collector which generated this event.
InitDomain | e.rv42 | %rv42% | s_RV42 | string | Domain portion of the initiating system's fully-qualified hostname.
ReservedVar43 | e.rv43 | %rv43% | s_RV43 | string | Reserved by Novell for expansion.
TargetThreatLevel | e.rv44 | %rv44% | s_RV44 | string | Target threat level.
TargetUserDomain | e.rv45 | %rv45% | s_RV45 | string | Domain (namespace) in which the target account exists.
Correlation Collector Description Type Rules Actions Language Variables reserved for future e.rv63 thru %rv63% s_RV63 string Variables not currently in use by Novell e.rv75 thru thru s_rv75 %rv75% InitAssetDepartment e.rv76 %rv76% s_RV76 string Department of the initiating system. InitAssetId e.rv77...
SARBOX | e.cv90 | %cv90% | s_CV90 | string | Set to 1 if the asset is governed by Sarbanes-Oxley.
HIPAA | e.cv91 | %cv91% | s_CV91 | string | Set to 1 if the asset is governed by the Health Insurance Portability and Accountability Act...
CustomerVar161 thru CustomerVar170 | e.cv161 thru e.cv170 | %cv161% thru %cv170% | s_CV161 thru s_CV170 | string | Date variable reserved for customer use. Not stored in database.
CustomerVar171 thru | e.cv171 | %cv171% | s_CV171 | ...
Sentinel 6.1 Rapid Deployment Control Center User Permissions
Sentinel allows administrators to set user permissions in the Sentinel Control Center at a granular level. The only user created by default is the admin, or Sentinel Administrator. All other users are created by the Sentinel Administrator, or someone with similar permissions.
4 Right click user and select User Details.
5 Select the Permissions tab.
6 Deselect the check boxes for which you want to restrict the user. 7 Click OK. 2.2 General Permissions-General Table 2-1 Permission Name Description Save Workspace Allows user to save preferences. If this permission is unavailable, user will never be prompted to save changes to preferences when logging out or exiting the Sentinel Control Center.
2.2.1 General – Public Filters Permissions-General-Public Filters Table 2-2 Permission Name Description Create Public Filters Allows user to create a filter with an owner ID of PUBLIC. If user does not have this permission, then the value PUBLIC will not be listed as one of the owner IDs that user can create a filter for.
Permission Name Description Use/View Active Views Allows user to access the Active Views charts. 2.3.1 Active Views – Menu Items Permissions-Active Views-Menu Items Table 2-6 Permission Name Description Use Assigned Menu Items Allows user to use assigned menu items in the Active Views Events table (the right-click menu).
2.4.2 iTRAC - Process Management Permissions-iTRAC-Process Management Table 2-9 Permission Name Description View/Use Process Manager Allows user to access the Process View Manager. Start/Stop Processes Allows user to use the Process View Manager. 2.5 Incidents Permissions-Incidents Table 2-10 Permission Name Description View Incidents Tab Allows user to see and use the Incidents tab, menu and other related...
Permission Name Description Manage Integrator Allows user to manage (add/modify/delete) the configured Integrators. Manage Integrator Plugins Allows user to manage (add/modify/delete) the Integrators plugins. 2.7 Actions Permissions-Action Manager Table 2-12 Permission Name Description View Actions Allows user to use Action Manager and view Actions. Manage Actions Allows user to add/edit/delete actions of type "Execute Action Plugins"...
2.9 Analysis Tab Permissions-Analysis Tab Table 2-14 Permission Name Description Analysis Tab Allows user to see and use the View Analysis tab, menu and other related functions associated with the System Overview tab. 2.10 Administration Permissions-Administration Table 2-15 Permission Name Description View Administration Tab Allows user to see and use the View Administration tab, menu and...
2.10.2 Administration – Server Views Permissions-Administration-Server Views Table 2-17 Permission Name Description View Servers Allows user to monitor the status of all processes. Control Servers Allows user to start, restart and stop processes. 2.11 Correlation Permissions-Correlation Table 2-18 Permission Name Description View Correlation Tab Allows user to use the Correlation functions.
2.14 Reporting
Table 2-21 Reporting Permissions
Permission Name | Description
Run/View Reports | Allows user to do the following: view the report results and sample reports; run the reports by using the Run Now option in the Reports page of the Web interface. For more information on running the reports, see “Running Reports”...
2.15 Downloading Downloading Permissions Table 2-22 Permission Name Description Download Client Installers Allows user for the following: Download Collector Manager Installer The Collector Manager Installer helps you install the Sentinel Collector Manager on any machine from which you want to forward events.
Sentinel 6.1 Rapid Deployment Correlation Engine RuleLG Language This section has the following information about Sentinel correlation engine Rule LG language. Section 3.1, “Correlation RuleLG Language Overview,” on page 37 Section 3.2, “Event Fields,” on page 38 Section 3.3, “Event Operations,” on page 38 Section 3.4, “Rule Operations,”...
3.2 Event Fields All operations function on event fields, which can be referred to by their labels or by their short tags within the correlation rule language. For a full list of labels and short tags, see Chapter 1, “Sentinel 6.1 Rapid Deployment Event Fields,”...
Boolean Operators
Filter expressions can be combined using the Boolean operators AND, OR and NOT. The filter Boolean operator precedence (from highest [top] to lowest [bottom] precedence) is:
Table 3-1 Boolean Operators
Operator | Meaning | Operator Type | Associativity
NOT | logical not | unary | None
AND | logical and | binary | ...
For example, this filter expression is used to evaluate whether the Source IP of the current event is present on a dynamic list called MailServerList. If the Source IP is present in this list, the expression evaluates to TRUE.
filter(e.sip inlist MailServerList)
As another example, this filter expression combines the NOT and the INLIST operator.
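To make the precedence in Table 3-1 concrete, here is an added example (not Novell's correlation engine) of a small recursive-descent evaluator for filter expressions of the form shown above. It parses NOT above AND above OR, supports the inlist operator against dynamic lists supplied as Python sets, and adds an assumed "=" comparison for literals so that precedence can be demonstrated; the event and list contents are constructed.

```python
import re

# Added example (not Novell's correlation engine): evaluate a filter expression
# with the precedence NOT > AND > OR. Supports "inlist" and an assumed "="
# comparison; dynamic lists are passed in as sets. Event values are constructed.

TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()]+')


class FilterEvaluator:
    def __init__(self, text, event, lists):
        self.toks = TOKEN.findall(text)
        self.pos = 0
        self.event = event      # short tag -> value
        self.lists = lists      # dynamic list name -> set of values

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok.lower() != expected):
            raise SyntaxError(f"expected {expected!r}, got {tok!r}")
        self.pos += 1
        return tok

    def evaluate(self):
        # Accept either a bare expression or the filter(...) wrapper.
        if self.peek() is not None and self.peek().lower() == "filter":
            self.take("filter")
            self.take("(")
            result = self.parse_or()
            self.take(")")
        else:
            result = self.parse_or()
        if self.pos != len(self.toks):
            raise SyntaxError(f"unexpected token {self.peek()!r}")
        return result

    def parse_or(self):                  # OR: lowest precedence
        result = self.parse_and()
        while self.peek() is not None and self.peek().upper() == "OR":
            self.take()
            rhs = self.parse_and()       # parsed eagerly so syntax errors surface
            result = result or rhs
        return result

    def parse_and(self):                 # AND binds tighter than OR
        result = self.parse_not()
        while self.peek() is not None and self.peek().upper() == "AND":
            self.take()
            rhs = self.parse_not()
            result = result and rhs
        return result

    def parse_not(self):                 # NOT: highest precedence, unary
        if self.peek() is not None and self.peek().upper() == "NOT":
            self.take()
            return not self.parse_not()
        return self.parse_atom()

    def parse_atom(self):
        if self.peek() == "(":
            self.take("(")
            result = self.parse_or()
            self.take(")")
            return result
        field = self.take()
        if not field.startswith("e."):
            raise SyntaxError(f"expected an e.<field> reference, got {field!r}")
        value = self.event.get(field[2:])
        op = self.take().lower()
        if op == "inlist":
            return value in self.lists.get(self.take(), set())
        if op == "=":
            return value == self.literal(self.take())
        raise SyntaxError(f"unsupported operator {op!r}")

    @staticmethod
    def literal(tok):
        if tok.startswith('"') and tok.endswith('"'):
            return tok[1:-1]
        try:
            return int(tok)
        except ValueError:
            return tok


def evaluate_filter(text, event, lists):
    return FilterEvaluator(text, event, lists).evaluate()


if __name__ == "__main__":
    event = {"sip": "10.1.1.5", "sun": "jsmith", "sev": 4}          # constructed
    lists = {"MailServerList": {"10.1.1.5", "10.1.1.6"}}             # constructed
    print(evaluate_filter("filter(e.sip inlist MailServerList)", event, lists))
    print(evaluate_filter("filter(NOT e.sip inlist MailServerList)", event, lists))
```

The two expressions e.sun = "jsmith" OR e.sun = "nobody" AND e.sev = 9 and (e.sun = "jsmith" OR e.sun = "nobody") AND e.sev = 9 give different answers on the sample event (true and false respectively), which is exactly the mistake the precedence table exists to prevent: parenthesise whenever a rule mixes AND and OR.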
Window (<Boolean expression>[, <filter expression>, <evaluation period>)
Where
<Boolean expression> is an expression comparing a metatag value from the current event to a metatag value from a past event (or a user-specified constant)
<filter expression> is optional and specifies filter criteria for the past events
<evaluation period>...
The current event is not placed into the window until after the current event window evaluation is complete.
To minimize memory usage, only the relevant parts of the past events, not all metatag values, are maintained in memory.
3.3.3 Trigger Operation
Trigger is used to specify a number of events for a user-specified duration.
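The two window rules stated above (the current event is added only after it has been evaluated, and only the relevant fields of past events are retained) are easy to get wrong when re-implementing this kind of logic, so here is an added example, not Novell's engine, that models the bookkeeping. The Boolean expression and the past-event filter are Python callables standing in for the RuleLG expressions, the evaluation period is in seconds, and the login events are constructed.

```python
from collections import deque

# Added example (not Novell's correlation engine): a model of the window
# operation's bookkeeping. Events are constructed dicts with "dt" in seconds.


class Window:
    def __init__(self, compare, past_filter, period, keep_fields):
        self.compare = compare          # (current, past) -> bool
        self.past_filter = past_filter  # event -> bool, or None for no filter
        self.period = period            # evaluation period in seconds
        self.keep_fields = keep_fields  # only these fields are retained
        self.past = deque()             # (timestamp, projected event)

    def process(self, event):
        now = event["dt"]
        # Drop past events that have aged out of the evaluation period.
        while self.past and now - self.past[0][0] > self.period:
            self.past.popleft()
        # Evaluate against past events only: the current event is not in the
        # window yet, so it can never match itself.
        fired = any(self.compare(event, past) for _, past in self.past)
        # Now admit the current event, if it passes the past-event filter,
        # keeping only the fields the comparison needs.
        if self.past_filter is None or self.past_filter(event):
            projected = {k: event.get(k) for k in self.keep_fields}
            self.past.append((now, projected))
        return fired


def run_demo():
    """Fire when a successful login follows a failed login from the same
    source IP within 60 seconds. Returns one result per event."""
    window = Window(
        compare=lambda cur, past: cur["evt"] == "Login Success"
        and cur["sip"] == past["sip"],
        past_filter=lambda ev: ev["evt"] == "Login Failed",
        period=60,
        keep_fields=("sip",),
    )
    events = [  # constructed sample events
        {"dt": 0, "sip": "10.0.0.5", "evt": "Login Failed", "sun": "jsmith"},
        {"dt": 10, "sip": "10.0.0.5", "evt": "Login Failed", "sun": "jsmith"},
        {"dt": 20, "sip": "10.0.0.5", "evt": "Login Success", "sun": "jsmith"},
        {"dt": 100, "sip": "10.0.0.5", "evt": "Login Success", "sun": "jsmith"},
    ]
    return [window.process(ev) for ev in events]


if __name__ == "__main__":
    print(run_demo())
```

Only the third event fires: the first two are failures with nothing before them, and by the fourth event every failure has aged out of the 60-second window. Because the filter excludes successes from the window and only sip is projected, the retained state is one small dict per failure rather than the whole event.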
3.4.1 Gate Operation The gate operation is used to create a composite rule which is used in identifying complex situations from the occurrence of simple situations. The composite rule is made up of one or more nested subrules and can be configured to fire if some, any or all of the subrules fire within a specified time window.
3.5 Operators Operators are used to transition between operations or expressions. The fundamental operators used between operations are: Flow operator Union operator Intersection operator Discriminator operator 3.5.1 Flow Operator The output set of events of the left-hand side operation is the input set of events for the right-hand side operation.
3.5.4 Discriminator Operator The discriminator operator allows users to group by event fields within other event operations. Discriminator can be used within the trigger, gate, or sequence operations. This is the last operation when executing a condition. The input for this operator will generally be the output of other operations, if any.
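As an added example (not Novell's code) tying the trigger operation, the flow operator and the discriminator together: a filter's output set is fed to a trigger that counts events per discriminator group within a duration. The events, threshold and grouping field are constructed for the demo.

```python
from collections import defaultdict, deque

# Added example (not Novell's correlation engine): a trigger that counts
# events over a duration, grouped by discriminator fields, fed by a filter via
# the flow operator. Events are constructed dicts with "dt" in seconds.


class Trigger:
    def __init__(self, count, duration, discriminator=()):
        self.count = count                    # number of events required
        self.duration = duration              # seconds
        self.discriminator = tuple(discriminator)
        self.buckets = defaultdict(deque)     # group key -> event timestamps

    def process(self, event):
        # The discriminator groups events by field value; without one every
        # event lands in the single () bucket.
        key = tuple(event.get(f) for f in self.discriminator)
        times = self.buckets[key]
        now = event["dt"]
        while times and now - times[0] > self.duration:
            times.popleft()
        times.append(now)
        return len(times) >= self.count


def flow(events, filter_fn, trigger):
    """Flow operator: the filter's output set is the trigger's input set.
    Returns (event, fired) for each event that reached the trigger."""
    return [(ev, trigger.process(ev)) for ev in events if filter_fn(ev)]


def run_demo():
    """Three failed logins by the same user within 60 seconds fire the rule;
    other users' failures and successful logins do not count."""
    trigger = Trigger(count=3, duration=60, discriminator=("sun",))
    events = [  # constructed sample events
        {"dt": 0, "sun": "jsmith", "evt": "Login Failed"},
        {"dt": 5, "sun": "bob", "evt": "Login Failed"},
        {"dt": 10, "sun": "jsmith", "evt": "Login Failed"},
        {"dt": 15, "sun": "jsmith", "evt": "Login Success"},
        {"dt": 20, "sun": "jsmith", "evt": "Login Failed"},
        {"dt": 100, "sun": "jsmith", "evt": "Login Failed"},
    ]
    results = flow(events, lambda ev: ev["evt"] == "Login Failed", trigger)
    return [(ev["sun"], ev["dt"], fired) for ev, fired in results]


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

Without the discriminator, bob's failure would be counted toward jsmith's total and the rule would fire on the 10-second event; with it, each user is counted separately, which is the behaviour one wants for a per-account brute-force detection.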
Features Correlation in Sentinel 5.x Correlation in Sentinel 6.1RD SensorType field Sentinel 6.x merges the “C” (Correlated Events) and “W” (watchlist events) SensorTypes. All events generated by the Correlation Engine are now labeled “C” in the SensorType field. Correlation Actions and Correlation Actions and Correlation Rules Correlation Rules are decoupled...
Sentinel 6.1 Rapid Deployment Data Access Service The Data Access Service (DAS) is Sentinel Server's persistence service and provides a message bus interface to the database. Some of the services it provides are event storage, Historical Query, event drill down, vulnerability, Advisor data retrieval, and configuration manipulation. Section 4.1, “DAS Container Files,”...
If any of these database connection settings need to be changed, they must be changed in every das_*.xml file using the dbconfig utility. Using the -a argument, this utility can update all files at the same time (for example, update all files in the <Install_directory>\config or <Install_directory>/config directory).
# < Set level of specific loggers here >
# Turns off all logging (disabled by default)
#.level=OFF
######
NOTE: The logger referenced by .level is a wildcard logger name that refers to all loggers. Setting this logger’s level affects all loggers.
The available logging levels are:
OFF: disables all logging
SEVERE (highest value): indication that a component has malfunctioned or there is a loss/...
The following operating system user is created: novell: This user is primarily for system use and does not have a password. To log in as this user, the administrator must set a password for novell or su to novell as root.
1 Log in to the Sentinel Control Center as the Sentinel Administrator or another user with User Management permissions. For more information on logging into the SCC, see “Accessing Novell Sentinel Web Interface” in the Sentinel 6.1 Rapid Deployment User Guide.
7 Open the pg_hba.conf file and remove the following line:
local all trust
8 Restart PostgreSQL by using the following commands:
/opt/novell/sentinel6_rd_x86/bin/sentinel.sh stopdb
/opt/novell/sentinel6_rd_x86/bin/sentinel.sh startdb
Updating Sentinel Configuration Files
If the appuser password is changed, several Sentinel configuration files must be updated with an encrypted form of the new password or the system cannot access the database.
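Step 7 removes an entry whose trust method lets any local OS user connect to PostgreSQL without a password. The following added check (not Novell's code) parses a pg_hba.conf and reports every entry that still uses trust, so an administrator can confirm the edit took effect before restarting. The file content is constructed; the method is found as the first recognised authentication-method token after the USER column, which handles both local entries and host entries whose address occupies one or two tokens.

```python
# Added example (not Novell's code): report pg_hba.conf entries that still use
# the "trust" authentication method. The sample file below is constructed.

AUTH_METHODS = {
    "trust", "reject", "md5", "password", "scram-sha-256", "gss", "sspi",
    "ident", "peer", "ldap", "radius", "cert", "pam", "bsd",
}


def parse_pg_hba(text):
    """Yield (line_number, type, database, user, method) for each active entry.
    The method is the first recognised auth-method token after the USER
    column, so 'local' rows and 'host' rows with an address both work."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            continue                           # not a complete entry
        method = next((f for f in fields[2:] if f.lower() in AUTH_METHODS), None)
        yield lineno, fields[0], fields[1], fields[2], method


def find_trust_entries(text):
    """Return the line numbers of entries using the trust method."""
    return [ln for ln, _, _, _, method in parse_pg_hba(text) if method == "trust"]


# Constructed sample file, not the Sentinel appliance's real configuration.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS              METHOD
local   all       all                        trust
local   all       all                        md5
host    all       all   127.0.0.1/32         md5
host    all       all   ::1/128              trust
host    all       all   10.0.0.0 255.0.0.0   ident
"""

if __name__ == "__main__":
    for ln in find_trust_entries(SAMPLE_PG_HBA):
        print(f"line {ln}: trust entry still present")
```

Run against the real file after step 7 the list should be empty; a non-empty result means a trust entry (local or host) survived and the restart in step 8 would bring the database back up still accepting passwordless connections.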
Sentinel 6.1 Rapid Deployment Database Views for PostgreSQL
This section lists the views in the PostgreSQL DB schema for Sentinel 6.1 Rapid Deployment. These views provide information for developing your own reports (JasperReports*).
Section 6.1, “Views,” on page 55
Section 6.2, “Deprecated Views,” on page 119
6.1 Views
The views available with Sentinel Rapid Deployment are listed below.
Section 6.1.27, “ATTACHMENTS_RPT_V,” on page 71 Section 6.1.28, “AUDIT_RECORD_RPT_V,” on page 71 Section 6.1.29, “CONFIGS_RPT_V,” on page 72 Section 6.1.30, “CONTACTS_RPT_V,” on page 72 Section 6.1.31, “CORRELATED_EVENTS_RPT_V (legacy view),” on page 73 Section 6.1.32, “CORRELATED_EVENTS_RPT_V1,” on page 73 Section 6.1.33, “CRITICALITY_RPT_V,” on page 73 Section 6.1.34, “CUST_HIERARCHY_V,”...
Section 6.1.65, “EVT_PRTCL_RPT_V,” on page 96 Section 6.1.66, “EVT_PRTCL_RPT_V3,” on page 97 Section 6.1.67, “EVT_RSRC_RPT_V,” on page 97 Section 6.1.68, “EVT_SEV_SMRY_1_RPT_V,” on page 97 Section 6.1.69, “EVT_SRC_COLLECTOR_RPT_V,” on page 98 Section 6.1.70, “EVT_SRC_GRP_RPT_V,” on page 98 Section 6.1.71, “EVT_SRC_MGR_RPT_V,” on page 99 Section 6.1.72, “EVT_SRC_OFFSET_RPT_V,”...
6.1.2 ACTVY_REF_PARM_VAL_RPT_V
View contains information about iTRAC activities.
Column Name | Datatype | Comment
ACTVY_ID | uuid | Activity identifier
SEQ_NUM | integer | Sequence number
ACTVY_PARM_ID | uuid | Activity parameter identifier
PARM_VAL | character varying(1000) | Activity parameter value
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | ...
Column Name | Datatype | Comment
PROCESSOR | character varying(255) | Processor
INPUT_FORMATTER | character varying(255) | Input formatter
OUTPUT_FORMATTER | character varying(255) | Output formatter
APP_NAME | character varying(25) | Application name
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object...
Column Name | Datatype | Comment
DATE_UPDATED | timestamp with time zone | Date the vulnerability has been updated
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | ...
Column Name | Datatype | Comment
DATE_UPDATED | timestamp with time zone | Name of the attack
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | By user ID
MODIFIED_BY | integer | By user ID
6.1.8 ADV_ATTACK_SIGNATURES
Column Name...
6.1.10 ADV_MASTER_RPT_V
Column Name | Datatype | Comment
MASTER_ID | integer | ID that associates PLUGIN_KEY, ATTACK_KEY and VULN_KB_ID
PLUGIN_KEY | integer | ID to reference the ADV_ATTACK_PLUGIN_V
ATTACK_KEY | integer | ID to reference the ADV_ATTACK_MAP_V
VULN_KB_ID | integer | ID to reference the VULN_KB_ID_V
DATE_PUBLISHED | timestamp with time zone | Date the entry was published
DATE_UPDATED | timestamp with time zone | Date the entry was updated...
Column Name | Datatype | Comment
FEED_DATE_UPDATED | timestamp with time zone | Date of the feed that updated information on this product
ACTIVE_FLAG | integer | Reserved for future use
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | ...
Column Name | Datatype | Comment
PRODUCT_ID | integer | Product ID
VERSION_NAME | character varying(128) | Version name of the product
FEED_DATE_CREATED | timestamp with time zone | Date of the feed that carried the information on the entry
FEED_DATE_UPDATED | timestamp with time zone | Date of the feed that carried the update on the entry
ACTIVE_FLAG | integer | ...
Column Name | Datatype | Comment
FEED_DATE_UPDATED | timestamp with time zone | Date of the feed that carried the update on the entry
ACTIVE_FLAG | integer | Reserved for future use
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified...
Column Name | Datatype | Comment
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object
6.1.17 ADV_VULN_SIGNATURES
Column Name | Datatype | Comment
VULN_KEY | integer | Vulnerability key
VULN_SCANNER_NAME | character varying(128) | Vulnerability scanner name
VULN_NAME | character varying(256) | Vulnerability name
VULN_ID | character varying(256) | Vulnerability ID
6.1.18 ANNOTATIONS_RPT_V
View references ANNOTATIONS table that stores documentation or notes that can be associated...
6.1.20 ASSET_HOSTNAME_RPT_V
View references ASSET_HOSTNAME table that stores information about alternate host names for assets.
Column Name | Datatype | Comment
ASSET_HOSTNAME_ID | uuid | Asset alternate hostname identifier
PHYSICAL_ASSET_ID | uuid | Physical asset identifier
HOST_NAME | character varying(255) | Host name
CUST_ID | bigint | Customer identifier
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | ...
Column Name | Datatype | Comment
ADDRESS_LINE_2 | character varying(255) | Address line 2
CITY | character varying(100) | City
STATE | character varying(100) | State
COUNTRY | character varying(100) | Country
ZIP_CODE | character varying(50) | Zip code
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | ...
Column Name | Datatype | Comment
ASSET_VALUE_ID | bigint | Asset value code
ASSET_VALUE_NAME | character varying(50) | Asset value name
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object...
Column Name | Datatype | Comment
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object
6.1.27 ATTACHMENTS_RPT_V
View references ATTACHMENTS table that stores attachment data.
Column Name | Datatype | Comment
ATTACHMENT_ID | integer | ...
Column Name | Datatype | Comment
EVT_NAME | character varying(255) | Event name
 | character varying(255) | Event resource
SRES | character varying(255) | Event sub-resource
 | character varying(500) | Event message
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
6.1.29 CONFIGS_RPT_V...
Column Name | Datatype | Comment
EMAIL | character varying(255) | Contact email
PAGER | character varying(64) | Contact pager
CELL | character varying(64) | Contact cell phone
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object...
Column Name | Datatype | Comment
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object
6.1.34 CUST_HIERARCHY_V
View references CUST_HIERARCHY table that stores information about MSSP customer hierarchy.
6.1.36 ENTITY_TYPE_RPT_V
View references ENTITY_TYP table that stores information about entity types (person, organization).
Column Name | Datatype | Comment
ENTITY_TYPE_CODE | character varying(5) | Entity type code
ENTITY_TYPE_NAME | character varying(50) | Entity type name
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified...
Column Name | Datatype | Comment
MODIFIED_BY | integer | User who last modified object
6.1.39 ESEC_CONTENT_GRP_RPT_V
View contains information about Solution Packs.
Column Name | Datatype | Comment
CONTENT_GRP_ID | uuid | Content group identifier
CONTENT_GRP_NAME | character varying(255) | Content group name
CONTENT_GRP_DESC | text | Content group description
CTRL_ID | uuid | Control identifier
CONTENT_EXTERNAL_ID | ...
Column Name | Datatype | Comment
CONTENT_NAME | character varying(255) | Content name
CONTENT_DESC | text | Content description
CONTENT_STATE | integer | Content state
CONTENT_TYP | character varying(100) | Content type
CONTENT_CONTEXT | text | Content context
CONTENT_HASH | character varying(255) | Content hash
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified...
Column Name | Datatype | Comment
CTRL_NOTES | text | Control notes
CTRL_CTGRY_ID | uuid | Control category identifier
CONTENT_EXTERNAL_ID | character varying(255) | Content external identifier
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | ...
6.1.45 ESEC_PORT_REFERENCE_RPT_V
View references ESEC_PORT_REFERENCE table that stores industry standard assigned port numbers.
Column Name | Datatype | Comment
PORT_NUMBER | integer | The numerical representation of the port (see http://www.iana.org/assignments/port-numbers). This port number is typically associated with the Transport Protocol level in the TCP/IP stack.
PROTOCOL_NUMBER | integer | http://www.iana.org/assignments/protocol-...
Column Name | Datatype | Comment
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object
6.1.47 ESEC_SEQUENCE_RPT_V
View references ESEC_SEQUENCE table that’s used to generate primary key sequence numbers for SentinelRD tables.
6.1.50 EVENTS_ALL_RPT_V1 (legacy view) This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current events. 6.1.51 EVENTS_ALL_V (legacy view) This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current events. 6.1.52 EVENTS_RPT_V (legacy view) This view is provided for backward compatibility.
CUSTOM_TAG 3 | integer | Customer Tag 3
RESERVED_TAG_1 | character varying(255) | Reserved Tag 1. Reserved for future use by Novell. This field is used for Advisor information concerning attack descriptions.
RESERVED_TAG_2 | character varying(255) | Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
User who last modified object
RV01 - 10 | integer | Reserved Value 1 - 10. Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV11 - 20...
RV40 - 43 | character varying(255) | Reserved Value 40 - 43. Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV44...
Column Name | Datatype | Comment
RV47 | character varying(255) | Reserved Value 47. Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV48 | character varying(255) | Reserved Value 48. Reserved for DestinationOperationalContext.
6.1.55 EVENTS_RPT_V3
This is the primary reporting view for SentinelRD. This view contains current events and historical events.
Column Name | Datatype | Comment
EVENT_ID | uuid | Event identifier
RESOURCE_NAME | character varying(255) | Resource name
SUB_RESOURCE | character varying(255) | Subresource name
SEVERITY | integer | Event severity
EVENT_PARSE_TIME | timestamp with time zone | Event time...
Column Name | Datatype | Comment
TARGET_SERVICE_PORT_NAME | character varying(32) | Target service port name
INIT_USER_NAME | character varying(255) | User name
TARGET_USER_NAME | character varying(255) | Target user name
FILE_NAME | character varying(1000) | File name
EXTENDED_INFO | character varying(1000) | Extended info
INIT_USER_ID | character varying(255) | Initiator user ID
INIT_USER_IDENTITY | uuid | Initiator user identity
TARGET_USER_ID | character varying(255) |
User who created object
MODIFIED_BY | integer | User who last modified object
RV01 | integer | Reserved Value 1. Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
EVENT_METRIC | integer | Event metric...
Column Name | Datatype | Comment
INIT_THREAT_LEVEL | character varying(255) | Initiator threat level
INIT_USER_DOMAIN | character varying(255) | Initiator user domain
RV36 | character varying(255) | Reserved Value 36
INIT_FUNCTION | character varying(255) | Initiator function
INIT_OPERATIONAL_CONTEXT | character varying(255) | Initiator operational context
RV40 | character varying(255) | Reserved Value 40
TARGET_HOST_DOMAIN | character varying(255) | Target host domain
INIT_HOST_DOMAIN | ...
Column Name | Datatype | Comment
CV35 - CV100 | character varying(255) | Custom Value 35 - 100. Reserved for use by Customer, typically for association of Business relevant data.
CUSTOMER_VAR_101 - CUSTOMER_VAR_110 | integer | Customer variable 101 - 110
CUSTOMER_VAR_111 - CUSTOMER_VAR_120 | timestamp with time zone | Customer variable 111 - 120
CUSTOMER_VAR_121 - | uuid | ...
Column Name | Datatype | Comment
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object
6.1.57 EVT_AGENT_RPT_V3
View references EVT_AGENT table that stores information about Collectors. The column names in this view reflect the name change of Sensor to Observer.
Column Name | Datatype | Comment
EVENT_ASSET_ID | bigint | Event asset identifier
CUST_ID | bigint | Customer identifier
ASSET_NAME | character varying(255) | Asset name
PHYSICAL_ASSET_NAME | character varying(255) | Physical asset name
REFERENCE_ASSET_ID | character varying(100) | Reference asset identifier, links to source asset management system.
MAC_ADDRESS | character varying(100) | MAC address
RACK_NUMBER | character varying(50) | Rack number...
6.1.59 EVT_ASSET_RPT_V3
View references EVT_ASSET table that stores asset information. This view is designed for SentinelRD.
Column Name | Datatype | Comment
ASSET_CRITICALITY | character varying(50) | Asset criticality
ASSET_CLASS | character varying(100) | Asset class
ASSET_FUNCTION | character varying(255) | Asset function
ASSET_DEPARTMENT | character varying(100) | Asset department
DATE_CREATED | timestamp with time zone | Date the entry was created...
Column Name | Datatype | Comment
EVENT_TIME | timestamp with time zone | Event time
XDAS_TAXONOMY_ID | bigint | XDAS Taxonomy identifier
TARGET_USER_IDENTITY | uuid | User ID
EVENT_COUNT | integer | Event count
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | ...
Column Name | Datatype | Comment
EVENT_NAME_ID | bigint | Event name identifier
EVENT_NAME | character varying(255) | Event name
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object...
6.1.66 EVT_PRTCL_RPT_V3
View references EVT_PRTCL table that stores event protocol information.
Column Name | Datatype | Comment
PROTOCOL_ID | bigint | Protocol identifier
PROTOCOL | character varying(255) | Protocol name
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object...
Column Name | Datatype | Comment
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
6.1.71 EVT_SRC_MGR_RPT_V
View contains information about the Event Source Management configuration.
Column Name | Datatype | Comment
EVT_SRC_MGR_ID | uuid | Event source manager identifier
SENTINEL_ID | uuid | SentinelRD identifier
SENTINEL_HOST_ID | uuid | SentinelRD host identifier
EVT_SRC_MGR_NAME | ...
Column Name | Datatype | Comment
EVT_SRC_NAME | character varying(255) | Event source name
EVT_SRC_GRP_ID | uuid | Event source group identifier
STATE_IND | boolean | State indicator
MAP_FILTER | text | Map filter
EVT_SRC_CONFIG | text | Event source config
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | ...
Column Name | Datatype | Comment
SOURCE_HOST_NAME | character varying(255) | Source host name
6.1.75 EVT_SRC_SRVR_RPT_V
View contains information about the Event Source Management configuration.
Column Name | Datatype | Comment
EVT_SRC_SRVR_ID | uuid | Event source server identifier
EVT_SRC_SRVR_NAME | character varying(255) | Event source server name
EVT_SRC_MGR_ID | uuid | Event source manager identifier
SENTINEL_PLUGIN_ID | uuid | ...
6.1.77 EVT_USR_RPT_V
View references EVT_USR table that stores event user information.
Column Name | Datatype | Comment
USER_ID | bigint | User identifier
USER_NAME | character varying(255) | User name
USER_DOMAIN | character varying(255) | User domain
CUST_ID | bigint | Customer identifier
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified...
Column Name | Datatype | Comment
EXTERNAL_DATA_ID | integer | External data identifier
SOURCE_NAME | character varying(50) | Source name
SOURCE_DATA_ID | character varying(255) | Source data identifier
EXTERNAL_DATA | text | External data
EXTERNAL_DATA_TYPE | character varying(10) | External data type
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
...
... Average of all the event severities that comprise an incident.
VULNERABILITY_RATING | character varying(32) | Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
104 Sentinel 6.1 Rapid Deployment Reference Guide
Column Name | Datatype | Comment
CRITICALITY_RATING | character varying(32) | Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
DATE_CREATED | timestamp with time zone | Date the entry was created
...
6.1.88 LOGS_RPT_V
View references LOGS_RPT table that stores logging information.
Column Name | Datatype | Comment
LOG_ID | integer | Sequence number
TIME | timestamp with time zone | Date of the log entry
MODULE | character varying(64) | Module the log entry is for
TEXT | character varying(4000) | Log text

6.1.89 MSSP_ASSOCIATIONS_V
View references MSSP_ASSOCIATIONS table that associates a numeric key in one table with a UUID in another table.
6.1.91 ORGANIZATION_RPT_V
View references ORGANIZATION table that stores organization (asset) information.
Column Name | Datatype | Comment
ORGANIZATION_ID | uuid | Organization identifier
ORGANIZATION_NAME | character varying(100) | Organization name
CUST_ID | bigint | Customer identifier
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
...
Column Name | Datatype | Comment
LOCATION_ID | bigint | Location identifier
NETWORK_IDENTITY_ID | bigint | Network identity code
MAC_ADDRESS | character varying(100) | MAC address
RACK_NUMBER | character varying(50) | Rack number
ROOM_NAME | character varying(100) | Room name
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | ...
6.1.99 SENTINEL_PLUGIN_RPT_V
View contains data used internally by SentinelRD.
Column Name | Datatype | Comment
SENTINEL_PLUGIN_ID | uuid | SentinelRD plugin identifier
SENTINEL_PLUGIN_NAME | character varying(255) | SentinelRD plugin name
SENTINEL_PLUGIN_TYPE | character varying(255) | SentinelRD plugin type
FILE_NAME | character varying(512) | File name
CONTENT_PKG | text | Content package
FILE_HASH | character varying(255) | File hash
AUX_FILE_NAME | ...
Column Name | Datatype | Comment
STT_ID | integer | State ID – sequence number
CONTEXT | character varying(64) | Context of the state, that is, case, incident, or user.
NAME | character varying(64) | Name of the state.
TERMINAL_FLAG | character varying(1) | Indicates whether the state of the incident is resolved.
DATE_CREATED | timestamp with time zone | Date the entry was created
...
Column Name | Datatype | Comment
USR_ID | integer | User identifier – sequence number
NAME | character varying(64) | Short, unique user name used as a login
CNT_ID | integer | Contact ID – sequence number
STT_ID | integer | State ID. Status is either active or inactive.
DESCRIPTION | character varying(512) | Comments
DATE_CREATED | ...
Column Name | Datatype | Comment
MODIFIED_BY | integer | User who last modified object

6.1.105 USR_IDENTITY_EXT_ATTR_RPT_V
View contains extended attribute information from an identity management system, stored as name/value pairs in the ATTRIBUTE_NAME and ATTRIBUTE_VALUE columns.
Column Name | Datatype | Comment
IDENTITY_GUID | uuid | Identity identifier
ATTRIBUTE_NAME | character varying(255) | Attribute name
...
Column Name | Datatype | Comment
MODIFIED_BY | integer | User who last modified object

6.1.107 VENDOR_RPT_V
View references VNDR table that stores information about asset product vendors.
Column Name | Datatype | Comment
VENDOR_ID | bigint | Vendor identifier
VENDOR_NAME | character varying(255) | Vendor name
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | ...
Column Name | Datatype | Comment
VULN_CODE_VALUE | character varying(255) | Vulnerability code value
 | character varying(512) | Web URL
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object
...
Column Name | Datatype | Comment
VULN_SOLUTION | text | Vulnerability solution
VULN_SUMMARY | character varying(1000) | Vulnerability summary
BEGIN_EFFECTIVE_DATE | timestamp with time zone | Date from which the entry is valid
END_EFFECTIVE_DATE | timestamp with time zone | Date until which the entry is valid
DETECTED_OS | character varying(64) | Operating system of scanned machine
DETECTED_OS_VERSION | character varying(64) |
Column Name | Datatype | Comment
REGULATION | character varying(128) | Regulation
REGULATION_RATING | character varying(64) | Regulation rating
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | User who created object
MODIFIED_BY | integer | User who last modified object

6.1.113 VULN_RSRC_SCAN_RPT_V
...
6.1.115 VULN_SCAN_VULN_RPT_V
View references VULN_SCAN_VULN table that stores vulnerabilities detected during scans.
Column Name | Datatype | Comment
SCAN_ID | uuid | Vulnerability scan identifier
VULN_ID | uuid | Vulnerability identifier
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
CREATED_BY | integer | ...
Column Name | Datatype | Comment
MODIFIED_BY | integer | User who last modified object

6.1.118 WORKFLOW_INFO_RPT_V
Column Name | Datatype | Comment
INFO_ID | bigint | Info identifier
PROCESS_DEF_ID | character varying(100) | Process definition identifier
PROCESS_INSTANCE_ID | character varying(150) | Process instance identifier
DATE_CREATED | timestamp with time zone | Date the entry was created
DATE_MODIFIED | timestamp with time zone | Date the entry was modified
...
Checklist
Table A-1 Checklist
Checklist Item | Example
Novell Version | V6.1 Rapid Deployment
Novell Platform and OS Version | SUSE Linux Enterprise Server 10 SP2 or later
Database Platform and OS Version | PostgreSQL 8.3
Sentinel Server Hardware | ...
6 Is there a problem with the database? Using Pgadmin*, can you log into the database? Does the database allow a Pgadmin login using the Novell dbauser account into the SIEM schema? Does querying one of the tables succeed? Does a select statement on a database table succeed? Check the JDBC drivers, their locations, and the class path settings.
Is SDM being used to maintain the partitions and to archive or delete partitions to make more room in the database? Using SDM, what is the current partition? Is it P_MAX?
7 Inspect whether the product environment settings are correct. Verify the sanity of user login shell scripts, environment variables, configurations, and Java home settings.
Sentinel 6.1 Rapid Deployment Service Permission Tables
The purpose of this document is to describe in detail the various Sentinel services and the permissions they require to function.

B.1 Advisor
Table C-1: Advisor
Table B-1
Sentinel Component | Sentinel Service | Sentinel Process | Function summary | Permissions required | Permission Explanation
...
B.2 Collector Manager
Table B-2 Collector Manager
Sentinel Component | Sentinel Service | Sentinel Process | Function summary | Permissions required | Permission Explanation
Collector Manager | Sentinel | java agentengine (child process) | Manages Connectors and Collectors. It spawns off an ... | Network access (both outgoing access and local access to bind to ... | communicates with ActiveMQ ...
B.3 Correlation Engine
Table B-3 Correlation Engine
Sentinel Component | Sentinel Service | Sentinel Process | Function summary | Permissions required | Permission Explanation
Correlation Engine | Sentinel | java | Receives events from the Collector Manager and publishes ... | Network access; File read access to: <Install_Directo... | communicates over the network with ActiveMQ for ...
B.4 Data Access Server (DAS)
Table B-4 Data Access Server (DAS)
Sentinel Component | Sentinel Service | Sentinel Process | Function summary | Permissions required | Permission Explanation
 | Sentinel | java (das_binary) | Responsible for event insertion. | Network access; Database Access to read and insert data. | It connects to the database
 | | java | Provides the ... | | 
B.5 Sentinel Communication Server
Table B-5 Sentinel Communication Server
Sentinel Component | Sentinel Service | Sentinel Process | Function summary | Permissions required | Permission Explanation
Communication Server (ActiveMQ / ... | Sentinel (Active... | java | ActiveMQ: A Message Oriented Middleware ... | Network access (binds ports to accept ... | It binds to local port greater than ...
B.6 Sentinel Service
Table B-6 Sentinel Service
Sentinel Component | Sentinel Service | Sentinel Process | Function summary | Permissions required | Permission Explanation
Sentinel Service | Sentinel | wrapper | Registers as a service with the operating system and, ... | Network access; File read access to: ... | It communicates over the network with ActiveMQ ...
B.7 Reporting Engine
Table B-7 Reporting Engine
Sentinel Component | Sentinel Service | Sentinel Process | Sentinel Application | Function summary | Permissions required
Reporting Engine | Web Interface | | | Jasper Report engine is the reporting tool with Sentinel 6.1 Rapid Deployment. The Jasper Reporting ... | Admin rights. The Jasper Reporting Service needs permissions to: ...
Sentinel 6.1 Rapid Deployment Log Locations
The purpose of this document is to provide information on the log file locations for the following components of Sentinel:
Section C.1, “Sentinel Data Manager,” on page 133
Section C.2, “iTRAC,” on page 133
Section C.3, “Advisor,” ...
<Install_Directory>/log/das_core0.*.log

C.5 Event Insertion
Logs activities related to event insertion into the database.
<Install_Directory>/log/das_binary0.*.log

C.6 Messaging
Logs activities related to Messaging.
<Install_Directory>/log/activemq.*.log

C.7 Collector Manager
Logs activities related to Collector Manager.
For Windows: <Install_Directory>\log\collector_mgr0.*.log
For UNIX: <Install_Directory>/log/collector_mgr0.*.log

C.8 Correlation Engine
Logs activities related to Correlation Engine.
If other processes have log files for more than one instance running, that could indicate a system problem.
SENTINEL RAPID DEPLOYMENT 6.1 - REFERENCE GUIDE 06-15-2009