Novell SENTINEL RAPID DEPLOYMENT 6.1 - REFERENCE GUIDE 06-15-2009 Reference Manual page 16


Table 1-1 Labels and Meta-tags used in Sentinel Control Center and proprietary Collector language

| Default Label | Filters and Correlation Rules | Menu and Correlation Actions | Proprietary Collector Language | Data Type | Description |
|---|---|---|---|---|---|
| DeviceEventTimeString | e.et | %et% | s_ET | string | The normalized date and time of the event, as reported by the sensor. |
| DeviceEventTime | e.det | %det% | | date | The normalized date and time of the event, as reported by the sensor. |
| SentinelProcessTime | e.spt | %spt% | | date | The date and time Sentinel received the event. |
| BeginTime | e.bgnt | %bgnt% | s_BGNT | date | The date and time the event started occurring (for repeated events). |
| EndTime | e.endt | %endt% | s_ENDT | date | The date and time the event stopped occurring (for repeated events). |
| RepeatCount | e.rc | %rc% | s_RC | integer | The number of times the same event occurred if multiple occurrences were consolidated. |
| EventTime | e.dt | %dt% | | date | The normalized date and time of the event, as given by the Collector. |
| SentinelServiceID | e.src | %src% | | UUID | Unique identifier for the Sentinel service which generated this event. |
| Severity | e.sev | %sev% | i_Severity | integer | The normalized severity of the event (0-5). |
| Vulnerability | e.vul | %vul% | s_VULN | integer | The vulnerability of the asset identified in this event. Set to 1 if Sentinel detects an exploit against a vulnerable system. Requires Advisor. |
| Criticality | e.crt | %crt% | s_CRIT | integer | The criticality of the asset identified in this event. |
| InitIP | e.sip | %sip% | s_SIP | IPv4 | IPv4 address of the initiating system. |
| TargetIP | e.dip | %dip% | s_DIP | IPv4 | IPv4 address of the target system. |
| Collector | e.port | %port% | | string | Name of the Collector that generated this event. |
