NOVELL SENTINEL 6.1 SP2 - 02-2010 Manuals
Manuals and User Guides for NOVELL SENTINEL 6.1 SP2 - 02-2010. We have 1 NOVELL SENTINEL 6.1 SP2 - 02-2010 manual available for free PDF download: User Manual
NOVELL SENTINEL 6.1 SP2 - 02-2010 User Manual (528 pages)
Brand: NOVELL | Category: Software | Size: 12.3 MB
Table of Contents
Table of Contents
5
Preface
17
Sentinel Control Center
21
About Sentinel Control Center
21
Active Views
21
Incidents
22
Itrac
22
Analysis
22
Advisor
22
Admin
22
Correlation
23
Event Source Management
23
Solution Packs
24
Identity Integration
24
Log in to the Sentinel Control Center
24
Introduction to the User Interface
25
Menu Bar
26
Toolbar
26
Tabs
27
Frames
28
Navigating through Sentinel Control Center
28
Changing the Appearance of Sentinel Control Center
28
Saving User Preferences
30
Changing Password
30
Hostname Updates
30
Configuring the Attachment Viewer
32
Active Views Tab
35
Understanding Active Views
35
Introduction to the User Interface
36
Reconfiguring Total Display Time
39
Viewing Real Time Events
39
To Reset Parameters and Chart Type of an Active View
41
Rotating a 3D Bar or Ribbon Chart
43
Showing and Hiding Event Details
43
Sending Mail Messages about Events and Incidents
43
Creating Incidents
45
Viewing Events that Triggered Correlated Events
46
Investigating an Event or Events
47
Investigate - Event Query
47
Investigate - Graph Mapper
48
Historical Event Query
49
Active Browser
51
Viewing Advisor Data
53
Viewing Asset Data
54
Viewing Vulnerabilities
55
Ticketing System Integration
60
Viewing User Information
60
Using Custom Menu Options with Events
61
Managing Columns in a Snapshot or Navigator Window
61
Taking a Snapshot of a Navigator Window
62
Sorting Columns in a Snapshot
63
Closing a Snapshot or Navigator
63
Adding Events to an Incident
63
Correlation Tab
65
Understanding Correlation
65
Technical Implementation
66
Introduction to the User Interface
67
Correlation Rules
67
Opening the Correlation Rule Manager
68
Creating a Rule Folder
68
Renaming a Rule Folder
68
Creating a Correlation Rule
68
Creating Correlation Rules
69
Deploying/Undeploying Correlation Rules
76
Enabling/Disabling Rules
79
Renaming and Deleting a Correlation Rule
80
Moving a Correlation Rule
80
Importing a Correlation Rule
80
Exporting a Correlation Rule
81
Dynamic Lists
82
Adding a Dynamic List
83
Modifying a Dynamic List
84
Deleting a Dynamic List
84
Removing Dynamic List Elements
84
Using a Dynamic List in a Correlation Rule
84
Correlation Engine
85
Starting or Stopping Correlation Engine
86
Renaming Correlation Engine
86
Correlation Actions
86
Configure Correlated Event
87
Add to Dynamic List
88
Remove from Dynamic List
89
Execute a Command
90
Create Incident
91
Send Email
92
Imported Javascript Action Plugins
92
Incidents Tab
93
Understanding an Incident
93
Introduction to User Interface
93
Incident View
94
Incident
94
Manage Incident Views
95
Adding a View
95
Modifying a View
98
Deleting a View
99
Default View
99
Manage Incidents
99
Creating Incidents
100
Viewing an Incident
101
Attaching Workflows to Incidents
101
Adding Notes to Incidents
101
Adding Attachments to Incidents
101
Executing Incident Actions
102
Emailing an Incident
104
Modifying Incidents
105
Deleting Incidents
106
Switch between Existing Incident Views
106
Itrac Workflows
107
Understanding Itrac Workflows
107
Introduction to the User Interface
108
Template Manager
109
Default Templates
109
Template Builder Interface
110
Creating Templates
112
Managing Templates
113
Steps
114
Start Step
114
Manual Steps
114
Decision Steps
118
Mail Steps
118
Command Steps
118
Activity Steps
119
End Step
120
Adding Steps to a Workflow
120
Managing Steps
121
Transitions
125
Unconditional Transitions
125
Conditional Transitions
126
Else Transitions
130
Timeout Transitions
131
Alert Transitions
131
Error Transition
132
Managing Transitions
132
Activities
133
Incident Command Activity
134
Incident Internal Activity
134
Incident Composite Activity
135
Creating Itrac Activities
135
Managing Activities
140
Process Management
142
Instantiating a Process
142
Automatic Step Execution
142
Manual Step Execution
142
Display Status
143
Displaying Status of a Process
143
Changing Views in Process Manager
144
Starting or Terminating a Process
145
Work Items
147
Understanding Work Items
147
Work Item Summary
147
Processing a Work Item
150
Accepting a Work Item
150
Manage Work Items of Other Users
151
Analysis Tab
153
Understanding Analysis
153
Introduction to the User Interface
153
Top Ten Reports
154
Running a Report from Crystal Reports Server
156
Running an Event Query Report
156
Offline Query
156
Creating an Offline Query
157
Viewing, Exporting or Deleting an Offline Query
157
Advisor Usage and Maintenance
159
Understanding Advisor
159
Understanding Exploit Detection
160
How Exploit Detection Works
160
Generating the Exploit Detection File
162
Viewing the Events
162
Introduction to the Advisor User Interface
162
The Advisor Window
163
Processing the Advisor Feed
164
Configuring the Advisor Products for Exploit Detection
165
Downloading the Advisor Feed
166
Configuring the Sentinel Server for Automated Downloads
166
Downloading the Advisor Feed Manually
167
Viewing the Advisor Status
167
Viewing the Advisor Data
169
Advisor Reports
170
Generating the Advisor Reports
170
Viewing the Advisor Reports
170
Resetting the Advisor Password
171
Deleting the Advisor Data
171
Advisor Audit Events
171
Download Manager
173
Understanding the Download Manager User Interface
173
Creating a Download Configuration
174
Editing a Download Configuration
176
Downloading the Feed Instantly
177
Deleting a Download Configuration
177
Audit Events for the Download Manager
177
Plugin Repository
180
Introduction to the User Interface
180
Menu Bar
181
Tool Bar
182
Zoom
182
Frames
183
Live View
187
Graphical ESM View
188
Tabular ESM View
190
Right-Click Menu
190
Components of Event Source Hierarchy
192
Component Status Indicators
193
Adding Components to Event Source Hierarchy
194
Collectors
194
Debugging
211
Collector Workspace and Collector Directory
212
Debugging Proprietary Collectors
212
Debugging Javascript Collectors
214
Generating a Flat File Using the Raw Data Tap
218
Export Configuration
219
Import Configuration
221
Enable/Disable Import Configuration
221
Reset Layout
224
Undo Layout
224
Redo Layout
225
Event Source Management Scratchpad
225
Comparison between Sentinel 5.X and Sentinel 6.0
225
Event Source Management
179
Understanding Event Source Management
179
Administration
227
Understanding Admin Tab
227
Introduction to User Interface
228
Crystal Report Configuration
229
Servers View
231
Monitoring a Process
232
Creating a Servers View
233
Starting, Stopping and Restarting Processes
233
Filters
234
Public Filters
234
Private Filters
234
Global Filters
235
Configuring Public and Private Filters
237
Color Filter Configuration
240
Configure Menu Options
243
Adding an Option to the Event Menu
245
Cloning an Event Menu Option
246
Modifying an Event Menu Option
247
Viewing Event Menu Option Parameters
247
Activating or Deactivating an Event Menu Option
247
Rearranging Event Menu Options
248
Deleting an Event Menu Option
248
Editing Your Event Menu Browser Settings
248
DAS Statistics
249
Mapping
251
Adding Map Definitions
252
Adding a Number Range Map Definition
254
Editing Map Definitions
257
Deleting Map Definitions
258
Updating Map Data
259
Event Configuration
261
Event Mapping
261
Renaming Tags
265
Report Data Configuration
266
User Configurations
271
Oracle and Microsoft SQL 2005 Authentication
271
Windows Authentication
271
Opening the User Manager Window
272
Creating a User Account
272
Modifying a User Account
276
Viewing Details of a User Account
277
Cloning a User Account
277
Deleting a User Account
277
Terminating an Active Session
277
Adding an Itrac Role
278
Deleting an Itrac Role
278
Viewing Details of a Role
279
Sentinel Data Manager
281
Understanding Sentinel Data Manager
281
Starting the SDM GUI
281
Partitions Tab
283
Tablespaces Tab
286
Partition Configuration
287
SDM Command Line
289
General Syntax of the SDM Command
289
Starting SDM GUI
289
Viewing Sentinel Database Space Usage
289
Utilities
291
Introduction to Sentinel Utilities
291
Starting and Stopping Sentinel Server
291
Starting a Sentinel Server
292
Stopping a Sentinel Server
292
Sentinel Scripts
292
Operational Scripts
293
Troubleshooting Scripts
295
Version Information
298
Executable Version Information
298
Sentinel .Dll and .Exe File Version Information
299
Sentinel .Jar Version Information
299
Database Cleanup
299
Components
300
Prerequisites
301
Updating Your License Key
304
Quick Start
307
Security Analysts
307
Active Views Tab
307
Exploit Detection
308
Asset Data
308
Event Query
309
Creating Incidents
310
Itrac
312
Instantiating a Process
312
Report Analyst
325
Analysis Tab
325
Administrators
326
Simple Correlation
326
Solution Packs
331
Components of a Solution Pack
331
Permissions for Using Solution Packs
333
Solution Manager
334
Solution Manager Interface
334
Managing Solution Packs
336
Importing Solution Packs
336
Opening Solution Packs
338
Installing Content from Solution Packs
340
Implementing Controls
348
Testing Controls
349
Uninstalling Controls
350
Viewing Solution Pack Status
351
Deleting Solution Packs
353
Solution Designer
354
Solution Designer Interface
354
Connection Modes
356
Creating a Solution Pack
357
Managing Content Hierarchy Nodes
357
Adding Content to a Solution Pack
358
Documenting a Solution Pack
362
Editing a Solution Pack
363
Deploying an Edited Solution Pack
364
Actions and Integrator
365
Overview
365
Action Manager
366
Permissions for Using Action Plugins
366
Action Plugins
367
Importing Javascript Action Plugins
367
Importing Javascript Files
370
Actions
379
Creating Actions
379
Editing Actions
380
Deleting Actions
380
Using Javascript Actions
381
Developing Javascript Actions
381
Integrator Manager
385
Permissions for Using Integrators
386
Integrator Plugins
387
Importing Integrator Plugins
387
Integrators
388
Deleting Integrator Plugins
388
Creating an Integrator Instance
388
Editing an Integrator Instance
388
Deleting an Integrator Instance
389
Integrator Connection Status
389
Viewing Integrator Health Details
389
Integrator Events Query
391
Using Integrators from Actions
392
Sentinel Link Solution
393
Benefits
393
Supported Platforms
393
Prerequisite
393
Configuring Sentinel Link
394
Configuring Sentinel Systems for Receiving Events
394
Accessing Event Source Management
394
Setting up a Sentinel Link Connection
395
Configuring Sentinel Systems for Sending Events
411
Configuring Sentinel Log Manager as a Sender
411
Configuring Sentinel or Sentinel Rapid Deployment System as a Sender
416
Verifying a Sentinel Link
428
Identity Integration
431
Overview
431
Integration with Novell Identity Manager
432
Identity Browser
434
Searching Profiles
435
Viewing Profile Details
436
Reports
439
A Sentinel Architecture
441
Sentinel Features
441
Functional Architecture
441
A.1 Sentinel Features
441
A.2 Functional Architecture
441
Architecture Overview
442
Iscale Platform
442
A.3 Architecture Overview
442
A.3.1 Iscale Platform
442
Sentinel Event
444
A.3.2 Sentinel Event
444
Event Source Management
447
Application Integration
448
Time
448
A.3.4 Application Integration
448
A.3.5 Time
448
System Events
449
A.3.6 System Events
449
Processes
450
A.3.7 Processes
450
Logical Architecture
452
A.4 Logical Architecture
452
Collection and Enrichment Layer
453
Business Logic Layer
456
A.4.3 Presentation Layer
464
Presentation Layer
464
B System Events for Sentinel
467
Advisor Audit Events
467
Advisor Update Successful
467
Advisor Update Failure
467
Download Manager Audit Events
468
Download Successful
468
Download Failed
468
B.2.1 Download Successful
468
B.2.2 Download Failed
468
Download Config Updated
469
Download Config Added
469
Download Config Removed
469
Authentication Events
469
Authentication
469
B.3 Authentication Events
469
B.3.1 Authentication
469
Creating Entry for External User
470
Duplicate User Objects
470
Failed Authentication
470
B.3.4 Failed Authentication
470
Locked Account
471
B.3.5 Locked Account
471
No such User Event
471
Too Many Active Users
472
User Discovered
472
User Logged in
472
B.3.8 User Discovered
472
B.3.9 User Logged in
472
User Logged out
473
User Management
473
Add Users to Role
473
B.4 User Management
473
Create Role
474
Create User
474
B.4.2 Create Role
474
B.4.3 Create User
474
Creating User Account
474
Delete Role
475
B.4.5 Delete Role
475
Deleting User Account
475
Locking User Account
475
Remove Users from Role
476
Resetting Password
476
B.4.9 Resetting Password
476
Unlocking User Account
476
Updating User
477
B.4.11 Updating User
477
Database Event Management
477
Database Space Reached Specified Percent Threshold
477
Database Space Reached Specified Time Threshold
477
Database Space very Low
478
Error Inserting Events
478
Error Moving Completed File
478
Error Processing Event Message
479
Error Saving Failed Events
479
Event Insertion Is Blocked
479
Event Insertion Is Resumed
480
Event Message Queue Overflow
480
Event Processing Failed
481
No Space in the Database
481
Opening Archive File Failed
481
Partition Configuration
482
B.5.14 Partition Configuration
482
Writing to Archive File Failed
482
Writing to the Overflow Partition (P_MAX)
482
Database Aggregation
483
Creating Summary
483
Deleting Summary
483
Disabling Summary
483
B.6.1 Creating Summary
483
B.6.2 Deleting Summary
483
B.6.3 Disabling Summary
483
B.6 Database Aggregation
483
Enabling Summary
484
Error Inserting Summary Data into the Database
484
Saving Summary
484
Mapping Service
484
B.6.4 Enabling Summary
484
B.6.5 Error Inserting Summary Data into the Database
484
B.6.6 Saving Summary
484
B.7 Mapping Service
484
B.7.1 Error
485
B.7.2 Error Applying Incremental Update
485
B.7.3 Error Initializing Map with ID
485
Error
485
Error Applying Incremental Update
485
Error Initializing Map with ID
485
Error Refreshing Map
486
Error Saving Data File
486
Get File Size
486
Loaded Large Map
487
Long Time to Load Map
487
Out of Sync Detected
487
Refreshing Map from Cache
488
Refreshing Map from Server
488
Save Data File
489
Saved Data File
489
Timed out Waiting for Callback
489
B.7.16 Update
490
Timeout Refreshing Map
490
Update
490
Update
491
Event Router
491
B.7.17 Update
491
B.8 Event Router
491
Event Router Is Initializing
491
Event Router Is Running
491
Event Router Is Stopping
492
Event Router Is Terminating
492
Correlation Engine
492
B.9 Correlation Engine
492
Correlation Action Definition
493
Correlation Engine Configuration
493
Correlation Engine Is Running
493
B.9.5 Correlation Rule
494
Correlation Engine Is Stopped
494
Correlation Rule
494
Correlation Rule Configuration
494
B.9.8 Disabling Rule
495
B.9.9 Enabling Rule
495
Deploy Rules with Actions to Engine
495
Disabling Rule
495
Enabling Rule
495
Rename Correlation Engine
496
Rule Deployment Is Modified
496
Rule Deployment Is Started
496
B.9.14 Starting Engine
497
B.9.15 Stopping Engine
497
Rule Deployment Is Stopped
497
Starting Engine
497
Stopping Engine
497
B.9.17 Undeploy Rule
498
Undeploy All Rules from Engine
498
Undeploy Rule
498
Update Correlation Rule Actions
498
Event Source Management-General
498
Collector Manager Initialized
499
Collector Manager Is down
499
Collector Manager Started
499
Collector Manager Stopped
500
Collector Service Callback
500
Cyclical Dependency
500
B.10.6 Cyclical Dependency
500
Event Source Manager Callback
501
Initializing Collector Manager
501
Lost Contact with Collector Manager
501
No Data Alert
502
Persistent Process Died
502
Persistent Process Restarted
502
Port Start
503
Port Stop
503
Reestablished Contact with Collector Manager
503
Restart Plugin Deployments
504
Restarting Collector Manager (Cold Restart)
504
Restarting Collector Manager (Warm Restart)
504
Start Event Source Group
505
Start Event Source Manager
505
Starting Collector Manager
505
Stop Event Source Group
506
Stop Event Source Manager
506
Stopping Collector Manager
506
Event Source Management-Event Sources
506
Start Event Source
507
Stop Event Source
507
Event Source Management-Collectors
507
Start Collector
507
B.12.1 Start Collector
507
Stop Collector
508
B.12.2 Stop Collector
508
Event Source Management-Event Source Servers
508
Start Event Source Server
508
Stop Event Source Server
508
Stop Event Source Server
509
Event Source Management-Connectors
509
Data Received after Timeout
509
Data Timeout
509
B.14.2 Data Timeout
509
File Rotation
510
B.14.3 File Rotation
510
Process Auto Restart Error
510
Process Start Error
511
Process Stop
511
B.14.6 Process Stop
511
WMI Connector Status Message
511
Active Views
511
Active View Created
512
Active View Joined
512
Active View no Longer Permanent
512
Active View Now Permanent
513
Idle Active View Removed
513
Idle Permanent Active View Removed
513
Data Objects
514
Activity Definition
514
Configuration
514
B.16.1 Activity Definition
514
B.16.2 Configuration
514
Viewing Configuration Store
515
Write Data
515
B.16.4 Write Data
515
Activities
515
Creating an Activity
515
B.17.1 Creating an Activity
515
Deleting an Activity
516
Saving an Activity
516
B.17.2 Deleting an Activity
516
B.17.3 Saving an Activity
516
Incidents and Workflows
516
Add Events to Incident
516
Adding Process Definition
517
Create Incident
517
Creating Group
517
B.18.3 Create Incident
517
B.18.4 Creating Group
517
Creating User
518
Delete Incident
518
Deleting Group
518
B.18.5 Creating User
518
B.18.6 Delete Incident
518
B.18.7 Deleting Group
518
Deleting Process Definition
519
Deleting User
519
B.18.9 Deleting User
519
E-Mail Incident
519
Get Incident
520
Save Incident
520
Saving Group
520
Saving Process Definition
521
Viewing Process Definition
521
General
521
Configuration Service
521
B.19.1 Configuration Service
521
Controlled Process Is Started
522
Controlled Process Is Stopped
522
Importing Auxiliary
522
B.19.4 Importing Auxiliary
522
Importing Plugin
523
B.19.5 Importing Plugin
523
Load Esec Taxonomy to XML
523
Process Auto Restart Error
523
Process Restarts
524
B.19.8 Process Restarts
524
Proxy Client Registration Service (Medium)
524
Restarting Process
524
Restarting Processes
525
Starting Process
525
Starting Processes
525
Stopping Process
526
B.19.15 Stopping Processes
526
B.19.16 Store Esec Taxonomy from XML
526
B.19.17 Watchdog Process Is Started
526
B.19.18 Watchdog Process Is Stopped
527