Novell SENTINEL RAPID DEPLOYMENT 6.1 - REFERENCE GUIDE 06-15-2009 Reference Manual page 19

Default Label
CollectorManagerId
CollectorId
ConnectorId
EventSourceId
RawDataRecordId
ControlPack
EventMetricClass
InitIPCountry
TargetIPCountry
DeviceName
DeviceCategory
EventContext
InitThreatLevel
InitUserDomain
DataContext
InitFunction
Filters and Menu and Proprietary
Correlation Correlation Collector
Rules Actions Language
e.rv21 %rv21% s_RV21
e.rv22 %rv22% s_RV22
e.rv23 %rv23% S_RV23
e.rv24 %rv24% S_RV24
e.rv25 %rv25% S_RV25
e.rv26 %rv26% S_RV26
e.rv28 %rv28% s_RV28
e.rv29 %rv29% s_RV29
e.rv30 %rv30% s_RV30
e.rv31 %rv31% s_RV31
e.rv32 %rv32% s_RV32
e.rv33 %rv33% s_RV33
e.rv34 %rv34% s_RV34
e.rv35 %rv35% s_RV35
e.rv36 %rv36% s_RV36
e.rv37 %rv37% s_RV37
Data
Description
Type
UUID Unique identifier for the
Collector Manager which
generated this event.
UUID Unique identifier for the
Collector which generated
this event.
UUID Unique identifier for the
Connector which
generated this event.
UUID Unique identifier for the
Event Source which
generated this event.
UUID Unique identifier for the
Raw Data Record
associated with this event.
string Sentinel control
categorization level 1 (for
Solution Packs).
string Class of the event-
dependent numeric value.
string Country where the IPv4
address of the initiating
system is located.
string Country where the IPv4
address of the target
system is located.
string Name of the device
generating the event. If
this device is supported
by Advisor, the name
should match the name
known by Advisor. Used
in Exploit Detection.
string Device category (FW,
IDS, AV, OS, DB).
string Event context (threat
level).
string Initiator threat level.
string Domain (namespace) in
which the initiating
account exists.
string Data context.
string Initiator function.
Sentinel 6.1 Rapid Deployment Event Fields 19