Table of Contents
Advertisement
Default Label
InitOperationalContext
MSSPCustomerName
VendorEventCode
TargetHostDomain
InitDomain
ReservedVar43
TargetThreatLevel
TargetUserDomain
VirusStatus
TargetFunction
TargetOperationalContext
TaxonomyLevel4
CustomerHierarchyLevel2
VirusStatus
InitMacAddress
InitNetworkIdentity
InitAssetFunction
InitAssetValue
InitAssetCriticality
20
Sentinel 6.1 Rapid Deployment Reference Guide
Filters and
Menu and
Proprietary
Correlation
Correlation
Collector
Rules
Actions
Language
e.rv38
%rv38%
s_RV38
e.rv39
%rv39%
s_RV39
e.rv40
%rv40%
s_RV40
e.rv41
%rv41%
s_RV41
e.rv42
%rv42%
s_RV42
e.rv43
%rv43%
s_RV43
e.rv44
%rv44%
s_RV44
e.rv45
%rv45%
s_RV45
e.rv46
%rv46%
s_RV46
e.rv47
%rv47%
s_RV47
e.rv48
%rv48%
s_RV48
e.rv53
%rv53%
s_RV53
e.rv54
%rv54%
s_RV54
e.rv56
%rv56%
s_RV56
e.rv57
%rv57%
s_RV57
e.rv58
%rv58%
s_RV58
e.rv60
%rv60%
s_RV60
e.rv61
%rv61%
s_RV61
e.rv62
%rv62%
s_RV62
Data
Description
Type
string
Initiator operational
context.
string
MSSP customer name.
string
Event code reported by
device vendor.
string
Domain portion of the
target system's fully-
qualified hostname.
string
Domain portion of the
initiating system's fully-
qualified hostname.
string
Reserved by Novell for
expansion.
string
Target threat level.
string
Domain (namespace) in
which the target account
exists..
string
Virus status.
string
Target function.
string
Target operational
context.
string
Sentinel event code
categorization - level 4.
string
Customer Hierarchy Level
2 (used by MSSPs).
string
Virus Status.
string
Initiator Mac Address.
Part of initiator host asset
data.
string
Initiator Network Identity.
Part of initiator host asset
data.
string
Function of the initiating
system (fileserver,
webserver, etc.).
string
Initiator Asset Value. Part
of initiator host asset data.
string
Criticality of the initiating
system (0-5).
Advertisement
Table of Contents
Need help?
Do you have a question about the SENTINEL RAPID DEPLOYMENT 6.1 - REFERENCE GUIDE 06-15-2009 and is the answer not in the manual?