NOVELL SENTINEL 6.1 SP2 - 02-2010 Manuals

Manuals and User Guides for NOVELL SENTINEL 6.1 SP2 - 02-2010. We have 1 NOVELL SENTINEL 6.1 SP2 - 02-2010 manual available for free PDF download: User Manual

NOVELL SENTINEL 6.1 SP2 - 02-2010 User Manual

NOVELL SENTINEL 6.1 SP2 - 02-2010 User Manual (528 pages)

Brand: NOVELL | Category: Software | Size: 12.3 MB

Table of Contents

Table of Contents
5
Preface

17
Sentinel Control Center

21
- About Sentinel Control Center
  21
  - Active Views
    21
  - Incidents
    22
  - Itrac
    22
  - Analysis
    22
  - Advisor
    22
  - Admin
    22
  - Correlation
    23
  - Event Source Management
    23
  - Solution Packs
    24
  - Identity Integration
    24
- Log in to the Sentinel Control Center
  24
- Introduction to the User Interface
  25
  - Menu Bar
    26
  - Toolbar
    26
  - Tabs
    27
  - Frames
    28
  - Navigating through Sentinel Control Center
    28
  - Changing the Appearance of Sentinel Control Center
    28
  - Saving User Preferences
    30
  - Changing Password
    30
  - Hostname Updates
    30
  - Configuring the Attachment Viewer
    32
Active Views Tab

35
Correlation Tab

65
- Understanding Correlation
  65
  - Technical Implementation
    66
- Introduction to the User Interface
  67
- Correlation Rules
  67
- Dynamic Lists
  82
- Correlation Engine
  85
  - Starting or Stopping Correlation Engine
    86
  - Renaming Correlation Engine
    86
- Correlation Actions
  86
  - Configure Correlated Event
    87
  - Add to Dynamic List
    88
  - Remove from Dynamic List
    89
  - Execute a Command
    90
  - Create Incident
    91
  - Send Email
    92
  - Imported Javascript Action Plugins
    92
Incidents Tab

93
- Understanding an Incident
  93
- Introduction to User Interface
  93
  - Incident View
    94
  - Incident
    94
- Manage Incident Views
  95
  - Adding a View
    95
  - Modifying a View
    98
  - Deleting a View
    99
  - Default View
    99
- Manage Incidents
  99
  - Creating Incidents
    100
  - Viewing an Incident
    101
  - Attaching Workflows to Incidents
    101
  - Adding Notes to Incidents
    101
  - Adding Attachments to Incidents
    101
  - Executing Incident Actions
    102
  - Emailing an Incident
    104
  - Modifying Incidents
    105
  - Deleting Incidents
    106
- Switch between Existing Incident Views
  106
Chapter 5, "Itrac Workflows," on

107
Itrac Workflows

107
- Understanding Itrac Workflows
  107
- Introduction to the User Interface
  108
- Template Manager
  109
  - Default Templates
    109
- Template Builder Interface
  110
  - Creating Templates
    112
  - Managing Templates
    113
- Steps
  114
  - Start Step
    114
  - Manual Steps
    114
  - Decision Steps
    118
  - Mail Steps
    118
  - Command Steps
    118
  - Activity Steps
    119
  - End Step
    120
  - Adding Steps to a Workflow
    120
  - Managing Steps
    121
- Transitions
  125
  - Unconditional Transitions
    125
  - Conditional Transitions
    126
  - Else Transitions
    130
  - Timeout Transitions
    131
  - Alert Transitions
    131
  - Error Transition
    132
  - Managing Transitions
    132
- Activities
  133
  - Incident Command Activity
    134
  - Incident Internal Activity
    134
  - Incident Composite Activity
    135
  - Creating Itrac Activities
    135
  - Managing Activities
    140
- Process Management
  142
  - Instantiating a Process
    142
  - Automatic Step Execution
    142
  - Manual Step Execution
    142
  - Display Status
    143
  - Displaying Status of a Process
    143
  - Changing Views in Process Manager
    144
  - Starting or Terminating a Process
    145
Work Items

147
- Understanding Work Items
  147
  - Work Item Summary
    147
- Processing a Work Item
  150
  - Accepting a Work Item
    150
- Manage Work Items of Other Users
  151
Analysis Tab

153
- Understanding Analysis
  153
- Introduction to the User Interface
  153
  - Top Ten Reports
    154
  - Running a Report from Crystal Reports Server
    156
  - Running an Event Query Report
    156
- Offline Query
  156
  - Creating an Offline Query
    157
  - Viewing, Exporting or Deleting an Offline Query
    157
Chapter 2, "Active Views Tab," on

157
Advisor Usage and Maintenance

159
- Understanding Advisor
  159
- Understanding Exploit Detection
  160
  - How Exploit Detection Works
    160
  - Generating the Exploit Detection File
    162
  - Viewing the Events
    162
- Introduction to the Advisor User Interface
  162
- Downloading the Advisor Feed
  166
  - Configuring the Sentinel Server for Automated Downloads
    166
  - Downloading the Advisor Feed Manually
    167
- Viewing the Advisor Status
  167
- Viewing the Advisor Data
  169
- Advisor Reports
  170
  - Generating the Advisor Reports
    170
  - Viewing the Advisor Reports
    170
- Resetting the Advisor Password
  171
- Deleting the Advisor Data
  171
- Advisor Audit Events
  171
Download Manager

173
Chapter 10, "Event Source Management," on

179
- Plugin Repository
  180
- Introduction to the User Interface
  180
  - Menu Bar
    181
  - Tool Bar
    182
  - Zoom
    182
  - Frames
    183
- Live View
  187
  - Graphical ESM View
    188
  - Tabular ESM View
    190
  - Right-Click Menu
    190
- Components of Event Source Hierarchy
  192
  - Component Status Indicators
    193
  - Adding Components to Event Source Hierarchy
    194
  - Collectors
    194
- Debugging
  211
- Export Configuration
  219
- Import Configuration
  221
  - Enable/Disable Import Configuration
    221
  - Reset Layout
    224
  - Undo Layout
    224
  - Redo Layout
    225
- Event Source Management Scratchpad
  225
- Comparison between Sentinel 5.X and Sentinel 6.0
  225
Event Source Management

179
- Understanding Event Source Management
  179
Administration

227
- Understanding Admin Tab
  227
- Introduction to User Interface
  228
- Crystal Report Configuration
  229
- Servers View
  231
  - Monitoring a Process
    232
  - Creating a Servers View
    233
  - Starting, Stopping and Restarting Processes
    233
- Filters
  234
  - Public Filters
    234
  - Private Filters
    234
  - Global Filters
    235
  - Configuring Public and Private Filters
    237
  - Color Filter Configuration
    240
- Configure Menu Options
  243
- DAS Statistics
  249
- Mapping
  251
  - Adding Map Definitions
    252
  - Adding a Number Range Map Definition
    254
  - Editing Map Definitions
    257
  - Deleting Map Definitions
    258
  - Updating Map Data
    259
- Event Configuration
  261
  - Event Mapping
    261
  - Renaming Tags
    265
- Report Data Configuration
  266
- User Configurations
  271
  - Oracle and Microsoft SQL 2005 Authentication
    271
  - Windows Authentication
    271
  - Opening the User Manager Window
    272
  - Creating a User Account
    272
  - Modifying a User Account
    276
  - Viewing Details of a User Account
    277
  - Cloning a User Account
    277
  - Deleting a User Account
    277
  - Terminating an Active Session
    277
  - Adding an Itrac Role
    278
  - Deleting an Itrac Role
    278
  - Viewing Details of a Role
    279
Sentinel Data Manager

281
- Understanding Sentinel Data Manager
  281
- Starting the SDM GUI
  281
  - Partitions Tab
    283
  - Tablespaces Tab
    286
  - Partition Configuration
    287
- SDM Command Line
  289
  - General Syntax of the SDM Command
    289
  - Starting SDM GUI
    289
  - Viewing Sentinel Database Space Usage
    289
Utilities

291
- Introduction to Sentinel Utilities
  291
- Starting and Stopping Sentinel Server
  291
  - Starting a Sentinel Server
    292
  - Stopping a Sentinel Server
    292
- Sentinel Scripts
  292
  - Operational Scripts
    293
  - Troubleshooting Scripts
    295
- Version Information
  298
- Database Cleanup
  299
  - Components
    300
  - Prerequisites
    301
- Updating Your License Key
  304
Quick Start

307
- Security Analysts
  307
  - Active Views Tab
    307
  - Exploit Detection
    308
  - Asset Data
    308
Chapter 8, "Advisor Usage and Maintenance," on

308
- Event Query
  309
- Creating Incidents
  310
- Itrac
  312
  - Instantiating a Process
    312
Chapter 3, "Correlation Tab," on

312
Chapter 4, "Incidents Tab," on

312
- Report Analyst
  325
  - Analysis Tab
    325
- Administrators
  326
  - Simple Correlation
    326
Solution Packs

331
- Components of a Solution Pack
  331
- Permissions for Using Solution Packs
  333
- Solution Manager
  334
  - Solution Manager Interface
    334
- Managing Solution Packs
  336
  - Importing Solution Packs
    336
  - Opening Solution Packs
    338
  - Installing Content from Solution Packs
    340
  - Implementing Controls
    348
  - Testing Controls
    349
  - Uninstalling Controls
    350
  - Viewing Solution Pack Status
    351
  - Deleting Solution Packs
    353
- Solution Designer
  354
  - Solution Designer Interface
    354
  - Connection Modes
    356
  - Creating a Solution Pack
    357
  - Managing Content Hierarchy Nodes
    357
  - Adding Content to a Solution Pack
    358
  - Documenting a Solution Pack
    362
  - Editing a Solution Pack
    363
- Deploying an Edited Solution Pack
  364
Actions and Integrator

365
- Overview
  365
- Action Manager
  366
  - Permissions for Using Action Plugins
    366
- Action Plugins
  367
  - Importing Javascript Action Plugins
    367
  - Importing Javascript Files
    370
- Actions
  379
  - Creating Actions
    379
  - Editing Actions
    380
  - Deleting Actions
    380
  - Using Javascript Actions
    381
  - Developing Javascript Actions
    381
Chapter 11, "Administration," on

381
- Integrator Manager
  385
  - Permissions for Using Integrators
    386
- Integrator Plugins
  387
  - Importing Integrator Plugins
    387
  - Integrators
    388
  - Deleting Integrator Plugins
    388
  - Creating an Integrator Instance
    388
  - Editing an Integrator Instance
    388
  - Deleting an Integrator Instance
    389
  - Integrator Connection Status
    389
  - Viewing Integrator Health Details
    389
  - Integrator Events Query
    391
  - Using Integrators from Actions
    392
Sentinel Link Solution

393
Identity Integration

431
- Overview
  431
  - Integration with Novell Identity Manager
    432
- Identity Browser
  434
  - Searching Profiles
    435
  - Viewing Profile Details
    436
- Reports
  439
A Sentinel Architecture

441
- Sentinel Features
  441
- Functional Architecture
  441
  - A.1 Sentinel Features
    441
  - A.2 Functional Architecture
    441
- Architecture Overview
  442
  - Iscale Platform
    442
    
    A.3 Architecture Overview
    442
    
    A.3.1 Iscale Platform
    442
  - Sentinel Event
    444
  - A.3.2 Sentinel Event
    444
  - Event Source Management
    447
  - Application Integration
    448
  - Time
    448
    
    A.3.4 Application Integration
    448
    
    A.3.5 Time
    448
  - System Events
    449
  - A.3.6 System Events
    449
  - Processes
    450
  - A.3.7 Processes
    450
- Logical Architecture
  452
  - A.4 Logical Architecture
    452
  - Collection and Enrichment Layer
    453
  - Business Logic Layer
    456
  - A.4.3 Presentation Layer
    464
  - Presentation Layer
    464
Appendix B, "System Events for Sentinel," on

450
B System Events for Sentinel

467
- Advisor Audit Events
  467
  - Advisor Update Successful
    467
  - Advisor Update Failure
    467
- Download Manager Audit Events
  468
  - Download Successful
    468
  - Download Failed
    468
    
    B.2.1 Download Successful
    468
    
    B.2.2 Download Failed
    468
  - Download Config Updated
    469
  - Download Config Added
    469
  - Download Config Removed
    469
- Authentication Events
  469
  - Authentication
    469
    
    B.3 Authentication Events
    469
    
    B.3.1 Authentication
    469
  - Creating Entry for External User
    470
  - Duplicate User Objects
    470
  - Failed Authentication
    470
  - B.3.4 Failed Authentication
    470
  - Locked Account
    471
  - B.3.5 Locked Account
    471
  - No such User Event
    471
  - Too Many Active Users
    472
  - User Discovered
    472
  - User Logged in
    472
    
    B.3.8 User Discovered
    472
    
    B.3.9 User Logged in
    472
  - User Logged out
    473
- User Management
  473
  - Add Users to Role
    473
  - B.4 User Management
    473
  - Create Role
    474
  - Create User
    474
    
    B.4.2 Create Role
    474
    
    B.4.3 Create User
    474
  - Creating User Account
    474
  - Delete Role
    475
  - B.4.5 Delete Role
    475
  - Deleting User Account
    475
  - Locking User Account
    475
  - Remove Users from Role
    476
  - Resetting Password
    476
  - B.4.9 Resetting Password
    476
  - Unlocking User Account
    476
  - Updating User
    477
  - B.4.11 Updating User
    477
- Database Event Management
  477
  - Database Space Reached Specified Percent Threshold
    477
  - Database Space Reached Specified Time Threshold
    477
  - Database Space very Low
    478
  - Error Inserting Events
    478
  - Error Moving Completed File
    478
  - Error Processing Event Message
    479
  - Error Saving Failed Events
    479
  - Event Insertion Is Blocked
    479
  - Event Insertion Is Resumed
    480
  - Event Message Queue Overflow
    480
  - Event Processing Failed
    481
  - No Space in the Database
    481
  - Opening Archive File Failed
    481
  - Partition Configuration
    482
  - B.5.14 Partition Configuration
    482
  - Writing to Archive File Failed
    482
  - Writing to the Overflow Partition (P_MAX)
    482
- Database Aggregation
  483
  - Creating Summary
    483
  - Deleting Summary
    483
  - Disabling Summary
    483
    
    B.6.1 Creating Summary
    483
    
    B.6.2 Deleting Summary
    483
    
    B.6.3 Disabling Summary
    483
    
    B.6 Database Aggregation
    483
  - Enabling Summary
    484
  - Error Inserting Summary Data into the Database
    484
  - Saving Summary
    484
- Mapping Service
  484
  - B.6.4 Enabling Summary
    484
  - B.6.5 Error Inserting Summary Data into the Database
    484
  - B.6.6 Saving Summary
    484
  - B.7 Mapping Service
    484
  - B.7.1 Error
    485
  - B.7.2 Error Applying Incremental Update
    485
  - B.7.3 Error Initializing Map with ID
    485
  - Error
    485
  - Error Applying Incremental Update
    485
  - Error Initializing Map with ID
    485
  - Error Refreshing Map
    486
  - Error Saving Data File
    486
  - Get File Size
    486
  - Loaded Large Map
    487
  - Long Time to Load Map
    487
  - Out of Sync Detected
    487
  - Refreshing Map from Cache
    488
  - Refreshing Map from Server
    488
  - Save Data File
    489
  - Saved Data File
    489
  - Timed out Waiting for Callback
    489
  - B.7.16 Update
    490
  - Timeout Refreshing Map
    490
  - Update
    490
  - Update
    491
- Event Router
  491
  - B.7.17 Update
    491
  - B.8 Event Router
    491
  - Event Router Is Initializing
    491
  - Event Router Is Running
    491
  - Event Router Is Stopping
    492
  - Event Router Is Terminating
    492
- Correlation Engine
  492
  - B.9 Correlation Engine
    492
  - Correlation Action Definition
    493
  - Correlation Engine Configuration
    493
  - Correlation Engine Is Running
    493
  - B.9.5 Correlation Rule
    494
  - Correlation Engine Is Stopped
    494
  - Correlation Rule
    494
  - Correlation Rule Configuration
    494
    
    B.9.8 Disabling Rule
    495
    
    B.9.9 Enabling Rule
    495
  - Deploy Rules with Actions to Engine
    495
  - Disabling Rule
    495
  - Enabling Rule
    495
  - Rename Correlation Engine
    496
  - Rule Deployment Is Modified
    496
  - Rule Deployment Is Started
    496
    
    B.9.14 Starting Engine
    497
    
    B.9.15 Stopping Engine
    497
  - Rule Deployment Is Stopped
    497
  - Starting Engine
    497
  - Stopping Engine
    497
  - B.9.17 Undeploy Rule
    498
  - Undeploy All Rules from Engine
    498
  - Undeploy Rule
    498
  - Update Correlation Rule Actions
    498
- Event Source Management-General
  498
  - Collector Manager Initialized
    499
  - Collector Manager Is down
    499
  - Collector Manager Started
    499
  - Collector Manager Stopped
    500
  - Collector Service Callback
    500
  - Cyclical Dependency
    500
  - B.10.6 Cyclical Dependency
    500
  - Event Source Manager Callback
    501
  - Initializing Collector Manager
    501
  - Lost Contact with Collector Manager
    501
  - No Data Alert
    502
  - Persistent Process Died
    502
  - Persistent Process Restarted
    502
  - Port Start
    503
  - Port Stop
    503
  - Reestablished Contact with Collector Manager
    503
  - Restart Plugin Deployments
    504
  - Restarting Collector Manager (Cold Restart)
    504
  - Restarting Collector Manager (Warm Restart)
    504
  - Start Event Source Group
    505
  - Start Event Source Manager
    505
  - Starting Collector Manager
    505
  - Stop Event Source Group
    506
  - Stop Event Source Manager
    506
  - Stopping Collector Manager
    506
- Event Source Management-Event Sources
  506
  - Start Event Source
    507
  - Stop Event Source
    507
- Event Source Management-Collectors
  507
  - Start Collector
    507
  - B.12.1 Start Collector
    507
  - Stop Collector
    508
  - B.12.2 Stop Collector
    508
- Event Source Management-Event Source Servers
  508
  - Start Event Source Server
    508
  - Stop Event Source Server
    508
  - Stop Event Source Server
    509
- Event Source Management-Connectors
  509
  - Data Received after Timeout
    509
  - Data Timeout
    509
  - B.14.2 Data Timeout
    509
  - File Rotation
    510
  - B.14.3 File Rotation
    510
  - Process Auto Restart Error
    510
  - Process Start Error
    511
  - Process Stop
    511
  - B.14.6 Process Stop
    511
  - WMI Connector Status Message
    511
- Active Views
  511
  - Active View Created
    512
  - Active View Joined
    512
  - Active View no Longer Permanent
    512
  - Active View Now Permanent
    513
  - Idle Active View Removed
    513
  - Idle Permanent Active View Removed
    513
- Data Objects
  514
  - Activity Definition
    514
  - Configuration
    514
    
    B.16.1 Activity Definition
    514
    
    B.16.2 Configuration
    514
  - Viewing Configuration Store
    515
  - Write Data
    515
  - B.16.4 Write Data
    515
- Activities
  515
  - Creating an Activity
    515
  - B.17.1 Creating an Activity
    515
  - Deleting an Activity
    516
  - Saving an Activity
    516
    
    B.17.2 Deleting an Activity
    516
    
    B.17.3 Saving an Activity
    516
- Incidents and Workflows
  516
  - Add Events to Incident
    516
  - Adding Process Definition
    517
  - Create Incident
    517
  - Creating Group
    517
    
    B.18.3 Create Incident
    517
    
    B.18.4 Creating Group
    517
  - Creating User
    518
  - Delete Incident
    518
  - Deleting Group
    518
    
    B.18.5 Creating User
    518
    
    B.18.6 Delete Incident
    518
    
    B.18.7 Deleting Group
    518
  - Deleting Process Definition
    519
  - Deleting User
    519
  - B.18.9 Deleting User
    519
  - E-Mail Incident
    519
  - Get Incident
    520
  - Save Incident
    520
  - Saving Group
    520
  - Saving Process Definition
    521
  - Viewing Process Definition
    521
- General
  521
  - Configuration Service
    521
  - B.19.1 Configuration Service
    521
  - Controlled Process Is Started
    522
  - Controlled Process Is Stopped
    522
  - Importing Auxiliary
    522
  - B.19.4 Importing Auxiliary
    522
  - Importing Plugin
    523
  - B.19.5 Importing Plugin
    523
  - Load Esec Taxonomy to XML
    523
  - Process Auto Restart Error
    523
  - Process Restarts
    524
  - B.19.8 Process Restarts
    524
  - Proxy Client Registration Service (Medium)
    524
  - Restarting Process
    524
  - Restarting Processes
    525
  - Starting Process
    525
  - Starting Processes
    525
  - Stopping Process
    526
    
    B.19.15 Stopping Processes
    526
    
    B.19.16 Store Esec Taxonomy from XML
    526
    
    B.19.17 Watchdog Process Is Started
    526
    
    B.19.18 Watchdog Process Is Stopped
    527

Advertisement

Advertisement

Related Products

NOVELL Categories

Software Server

Desktop

Printer

Printer Recording Equipment

More NOVELL Manuals