Advisor Usage And Maintenance; Understanding Advisor - Novell SENTINEL 6.1 SP2 - 02-2010 User Manual


8 Advisor Usage and Maintenance

Sentinel™ Advisor, powered by Security Nexus*, is an optional data subscription service that
provides device-level correlation between real-time events, from intrusion detection and prevention
systems, and from enterprise vulnerability scan results. Advisor acts as an early warning service and
detects attacks against vulnerable systems by providing normalized attack information. It also
provides the associated remediation information.
Advisor subscription is optional. However, it is necessary if you want to use the Sentinel Exploit
Detection or the Advisor Reporting features.
Section 8.1, "Understanding Advisor"
Section 8.2, "Understanding Exploit Detection"
Section 8.3, "Introduction to the Advisor User Interface"
Section 8.4, "Downloading the Advisor Feed"
Section 8.5, "Viewing the Advisor Status"
Section 8.6, "Viewing the Advisor Data"
Section 8.7, "Advisor Reports"
Section 8.8, "Resetting the Advisor Password"
Section 8.9, "Deleting the Advisor Data"
Section 8.10, "Advisor Audit Events"

8.1 Understanding Advisor

The Advisor service and its corresponding Exploit Detection feature depend on the mappings
between the attacks against enterprise assets and the known vulnerabilities of those assets. The
Advisor and the Exploit Detection features require the following data to work with the Advisor
products:
Vulnerability scan data: The vulnerability scanners check enterprise assets for known
vulnerabilities. The scanned data can then be loaded into the Sentinel database to serve as
referential information, by using the Collectors that support Advisor.
Advisor mapping data: The Advisor data contains information about known threats,
including attacks and vulnerabilities. The Advisor service gathers information from various
vulnerability and intrusion detection vendors, and creates mappings between abstract
vulnerabilities and attacks.
Security Nexus provides the Advisor feed data that contains information about known security
vulnerabilities and threats, and also provides normalization of intrusion detection signatures
and vulnerability scans. The Advisor data feed is updated on a regular basis as new attacks and
vulnerabilities are reported. The updates are available at the Novell download Web site
(https://secure-www.novell.com/sentinel/download/advisor/).
NOTE: With Sentinel 6.1 SP2 or later, the initial Advisor data feed is installed by default on
the Sentinel 6.1 server at $ESEC_HOME/data/updates/advisor. However, you must purchase an
additional license from Novell® to download the updated Advisor feed.
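
The following sketch is an added example, not Sentinel or Advisor code. It models how the two data sets described above combine: scanner findings and IDS signatures are normalized to abstract IDs, and an event is flagged only when the attack maps to a vulnerability found on the target asset. All vendor names, IDs, addresses, and verdict labels are constructed assumptions.

```python
# Added illustration only; every identifier and record below is constructed.

# Mapping data: vendor-specific IDs normalized to abstract attack/vulnerability IDs.
IDS_SIG_TO_ATTACK = {("ids-vendor-a", "SIG-1001"): "ATK-1",
                     ("ids-vendor-a", "SIG-2002"): "ATK-2"}
SCAN_CHECK_TO_VULN = {("scanner-x", "CHK-77"): "VULN-10",
                      ("scanner-x", "CHK-88"): "VULN-20"}
ATTACK_TO_VULNS = {"ATK-1": {"VULN-10"}, "ATK-2": {"VULN-30"}}

# Vulnerability scan data: what each scanner reported per asset.
SCAN_RESULTS = [
    {"asset": "10.0.0.5", "scanner": "scanner-x", "check": "CHK-77"},
    {"asset": "10.0.0.6", "scanner": "scanner-x", "check": "CHK-88"},
    {"asset": "10.0.0.6", "scanner": "scanner-x", "check": "CHK-99"},  # unmapped check
]

# Real-time IDS events.
EVENTS = [
    {"id": 1, "dst": "10.0.0.5", "ids": "ids-vendor-a", "sig": "SIG-1001"},
    {"id": 2, "dst": "10.0.0.6", "ids": "ids-vendor-a", "sig": "SIG-1001"},
    {"id": 3, "dst": "10.0.0.5", "ids": "ids-vendor-a", "sig": "SIG-2002"},
    {"id": 4, "dst": "10.0.0.5", "ids": "ids-vendor-a", "sig": "SIG-9999"},
    {"id": 5, "dst": "10.0.0.9", "ids": "ids-vendor-a", "sig": "SIG-1001"},
]

def build_asset_vulns(scan_results):
    """Normalize scanner findings into {asset: set of abstract vulnerability IDs}."""
    asset_vulns = {}
    for r in scan_results:
        vulns = asset_vulns.setdefault(r["asset"], set())  # scanned assets always appear
        vuln = SCAN_CHECK_TO_VULN.get((r["scanner"], r["check"]))
        if vuln:
            vulns.add(vuln)
    return asset_vulns

def correlate(events, asset_vulns):
    """Return {event id: verdict} by joining events to scan data via the mappings."""
    verdicts = {}
    for e in events:
        attack = IDS_SIG_TO_ATTACK.get((e["ids"], e["sig"]))
        if attack is None:
            verdicts[e["id"]] = "unmapped-signature"   # no mapping: cannot correlate
        elif e["dst"] not in asset_vulns:
            verdicts[e["id"]] = "no-scan-data"         # asset never scanned
        elif ATTACK_TO_VULNS.get(attack, set()) & asset_vulns[e["dst"]]:
            verdicts[e["id"]] = "exploit-against-vulnerable-asset"
        else:
            verdicts[e["id"]] = "not-vulnerable"
    return verdicts
```

Events 4 and 5 show why both data sets must be current: a signature missing from the mapping data or an asset missing from the scan data cannot be correlated at all.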