Actions And Integrator; Overview - Novell SENTINEL 6.1 SP2 - 02-2010 User Manual

Actions and Integrator

1 6
 Section 16.1, "Overview," on page 365
Section 16.2, "Action Manager," on page 366

Section 16.3, "Action Plugins," on page 367

 Section 16.4, "Actions," on page 379
Section 16.5, "Integrator Manager," on page 385

Section 16.6, "Integrator Plugins," on page 387

 Section 16.7, "Integrators," on page 388
This section allows you to understand:
 Integrator Manager
Action Manager

Action Plugins

 Actions
Integrator Manager

Integrator Plugins

 Integrators

16.1 Overview

Actions are used to execute some type of action in Sentinel, either manually or automatically. An
Action plugin framework was introduced in Sentinel 6.1. This framework consolidates several
disparate ways of executing actions in Sentinel 6.0. The same Action framework is now used to
execute actions in all of the following contexts:
When a deployed correlation rule fires (automatic)

When a user chooses the Action from within an Incident

When a user chooses a right-click menu option using an Action in an Active View or other

event table
The plugin framework has several advantages over the method for using JavaScript actions in
previous versions of Sentinel. Using the plugin framework:
There is no need to place the JavaScript file in a particular directory. The plugin is placed in a

central repository.
 There is no need to manually distribute the file to multiple machines in a distributed
environment. The plugins are downloaded as needed.
Importing the updated plugin from one Sentinel Control Center machine is sufficient to update

the plugin everywhere it is used.
One or more configured Action instances can be created from an Action plugin using different
parameters.
16
Actions and Integrator 365