Actions and Integrator
1 6
Section 16.1, "Overview," on page 365
Section 16.2, "Action Manager," on page 366
Section 16.3, "Action Plugins," on page 367
Section 16.4, "Actions," on page 379
Section 16.5, "Integrator Manager," on page 385
Section 16.6, "Integrator Plugins," on page 387
Section 16.7, "Integrators," on page 388
This section allows you to understand:
Integrator Manager
Action Manager
Action Plugins
Actions
Integrator Manager
Integrator Plugins
Integrators
16.1 Overview
Actions are used to execute some type of action in Sentinel, either manually or automatically. An
Action plugin framework was introduced in Sentinel 6.1. This framework consolidates several
disparate ways of executing actions in Sentinel 6.0. The same Action framework is now used to
execute actions in all of the following contexts:
When a deployed correlation rule fires (automatic)
When a user chooses the Action from within an Incident
When a user chooses a right-click menu option using an Action in an Active View or other
event table
The plugin framework has several advantages over the method for using JavaScript actions in
previous versions of Sentinel. Using the plugin framework:
There is no need to place the JavaScript file in a particular directory. The plugin is placed in a
central repository.
There is no need to manually distribute the file to multiple machines in a distributed
environment. The plugins are downloaded as needed.
Importing the updated plugin from one Sentinel Control Center machine is sufficient to update
the plugin everywhere it is used.
One or more configured Action instances can be created from an Action plugin using different
parameters.
16
Actions and Integrator
365