Sentinel 6.1 Rapid Deployment Reference Guide

| Default Label | Filters and Correlation Rules | Menu and Correlation Actions | Proprietary Collector Language | Data Type | Description |
|---|---|---|---|---|---|
| ExtendedInformation | e.ei | %ei% | s_EI | string | Stores additional collector-processed information. Values within this variable are separated by semi-colons (;). |
| ReporterHostName | e.rn | %rn% | s_RN | string | Unqualified hostname of the reporter of the event. |
| ProductName | e.pn | %pn% | s_PN | string | Indicates the type, vendor and product code name of the sensor from which the event was generated. |
| Message | e.msg | %msg% | s_BM | string | Free-form message text for the event. |
| DeviceAttackName | e.rt1 | %rt1% | s_RT1 | string | Device specific attack name that matches attack name known by Advisor. Used in Exploit Detection. |
| Rt2 | e.rt2 | %rt2% | s_RT2 | string | Reserved by Novell for expansion. |
| Ct1 thru Ct2 | e.ct1 thru e.ct2 | %ct1% thru %ct2% | s_CT1 and s_CT2 | string | Reserved for use by customers for customer-specific data. |
| Rt3 | e.rt3 | %rt3% | | integer | Reserved by Novell for expansion. |
| Ct3 | e.ct3 | %ct3% | s_CT3 | integer | Reserved for use by customers for customer-specific data. |
| CorrelatedEventUuids | e.ceu | %ceu% | s_RT3 | string | List of event UUIDs associated with the correlated event. Only relevant for correlated events. |
| CustomerHierarchyId | e.rv1 | %rv1% | s_RV1 | integer | Used for MSSPs. |
| ReservedVar2 thru ReservedVar10 | e.rv2 thru e.rv10 | %rv2% thru %rv10% | s_RV2 thru s_RV10 | integer | Reserved by Novell for expansion. |
| ReservedVar11 thru ReservedVar20 | e.rv11 thru e.rv20 | %rv11% thru %rv20% | s_RV11 thru s_RV20 | date | Reserved by Novell for expansion. |