Novell SENTINEL 6.1 SP2 Manuals

Manuals and User Guides for Novell SENTINEL 6.1 SP2. We have 3 Novell SENTINEL 6.1 SP2 manuals available for free PDF download: User Manual, Reference Manual, Installation Manual

NOVELL SENTINEL 6.1 SP2 User Manual (528 pages)

Brand: NOVELL | Category: Software | Size: 12 MB

Table of Contents
5
Preface

17
Sentinel Control Center

21
- About Sentinel Control Center
  21
  - Active Views
    21
  - Incidents
    22
  - Itrac
    22
  - Analysis
    22
  - Advisor
    22
  - Admin
    22
  - Correlation
    23
  - Event Source Management
    23
  - Solution Packs
    24
  - Identity Integration
    24
- Log in to the Sentinel Control Center
  24
- Introduction to the User Interface
  25
  - Menu Bar
    26
  - Toolbar
    26
  - Tabs
    27
  - Frames
    28
  - Navigating through Sentinel Control Center
    28
  - Changing the Appearance of Sentinel Control Center
    28
  - Saving User Preferences
    30
  - Changing Password
    30
  - Hostname Updates
    30
  - Configuring the Attachment Viewer
    32
Active Views Tab

35
Correlation Tab

65
- Understanding Correlation
  65
  - Technical Implementation
    66
- Introduction to the User Interface
  67
- Correlation Rules
  67
- Dynamic Lists
  82
- Correlation Engine
  85
  - Starting or Stopping Correlation Engine
    86
  - Renaming Correlation Engine
    86
- Correlation Actions
  86
  - Configure Correlated Event
    87
  - Add to Dynamic List
    88
  - Remove from Dynamic List
    89
  - Execute a Command
    90
  - Create Incident
    91
  - Send Email
    92
  - Imported Javascript Action Plugins
    92
Incidents Tab

93
- Understanding an Incident
  93
- Introduction to User Interface
  93
  - Incident View
    94
  - Incident
    94
- Manage Incident Views
  95
  - Adding a View
    95
  - Modifying a View
    98
  - Deleting a View
    99
  - Default View
    99
- Manage Incidents
  99
  - Creating Incidents
    100
  - Viewing an Incident
    101
  - Attaching Workflows to Incidents
    101
  - Adding Notes to Incidents
    101
  - Adding Attachments to Incidents
    101
  - Executing Incident Actions
    102
  - Emailing an Incident
    104
  - Modifying Incidents
    105
  - Deleting Incidents
    106
- Switch between Existing Incident Views
  106
Chapter 5, "Itrac Workflows," on

107
Itrac Workflows

107
- Understanding Itrac Workflows
  107
- Introduction to the User Interface
  108
- Template Manager
  109
  - Default Templates
    109
- Template Builder Interface
  110
  - Creating Templates
    112
  - Managing Templates
    113
- Steps
  114
  - Start Step
    114
  - Manual Steps
    114
  - Decision Steps
    118
  - Mail Steps
    118
  - Command Steps
    118
  - Activity Steps
    119
  - End Step
    120
  - Adding Steps to a Workflow
    120
  - Managing Steps
    121
- Transitions
  125
  - Unconditional Transitions
    125
  - Conditional Transitions
    126
  - Else Transitions
    130
  - Timeout Transitions
    131
  - Alert Transitions
    131
  - Error Transition
    132
  - Managing Transitions
    132
- Activities
  133
  - Incident Command Activity
    134
  - Incident Internal Activity
    134
  - Incident Composite Activity
    135
  - Creating Itrac Activities
    135
  - Managing Activities
    140
- Process Management
  142
  - Instantiating a Process
    142
  - Automatic Step Execution
    142
  - Manual Step Execution
    142
  - Display Status
    143
  - Displaying Status of a Process
    143
  - Changing Views in Process Manager
    144
  - Starting or Terminating a Process
    145
Work Items

147
- Understanding Work Items
  147
  - Work Item Summary
    147
- Processing a Work Item
  150
  - Accepting a Work Item
    150
- Manage Work Items of Other Users
  151
Analysis Tab

153
- Understanding Analysis
  153
- Introduction to the User Interface
  153
  - Top Ten Reports
    154
  - Running a Report from Crystal Reports Server
    156
  - Running an Event Query Report
    156
- Offline Query
  156
  - Creating an Offline Query
    157
  - Viewing, Exporting or Deleting an Offline Query
    157
Chapter 2, "Active Views Tab," on

157
Advisor Usage and Maintenance

159
- Understanding Advisor
  159
- Understanding Exploit Detection
  160
  - How Exploit Detection Works
    160
  - Generating the Exploit Detection File
    162
  - Viewing the Events
    162
- Introduction to the Advisor User Interface
  162
- Downloading the Advisor Feed
  166
  - Configuring the Sentinel Server for Automated Downloads
    166
  - Downloading the Advisor Feed Manually
    167
- Viewing the Advisor Status
  167
- Viewing the Advisor Data
  169
- Advisor Reports
  170
  - Generating the Advisor Reports
    170
  - Viewing the Advisor Reports
    170
- Resetting the Advisor Password
  171
- Deleting the Advisor Data
  171
- Advisor Audit Events
  171
Download Manager

173
Chapter 10, "Event Source Management," on

179
- Plugin Repository
  180
- Introduction to the User Interface
  180
  - Menu Bar
    181
  - Tool Bar
    182
  - Zoom
    182
  - Frames
    183
- Live View
  187
  - Graphical ESM View
    188
  - Tabular ESM View
    190
  - Right-Click Menu
    190
- Components of Event Source Hierarchy
  192
  - Component Status Indicators
    193
  - Adding Components to Event Source Hierarchy
    194
  - Collectors
    194
- Debugging
  211
- Export Configuration
  219
- Import Configuration
  221
  - Enable/Disable Import Configuration
    221
  - Reset Layout
    224
  - Undo Layout
    224
  - Redo Layout
    225
- Event Source Management Scratchpad
  225
- Comparison between Sentinel 5.X and Sentinel 6.0
  225
Event Source Management

179
- Understanding Event Source Management
  179
Administration

227
- Understanding Admin Tab
  227
- Introduction to User Interface
  228
- Crystal Report Configuration
  229
- Servers View
  231
  - Monitoring a Process
    232
  - Creating a Servers View
    233
  - Starting, Stopping and Restarting Processes
    233
- Filters
  234
  - Public Filters
    234
  - Private Filters
    234
  - Global Filters
    235
  - Configuring Public and Private Filters
    237
  - Color Filter Configuration
    240
- Configure Menu Options
  243
- DAS Statistics
  249
- Mapping
  251
  - Adding Map Definitions
    252
  - Adding a Number Range Map Definition
    254
  - Editing Map Definitions
    257
  - Deleting Map Definitions
    258
  - Updating Map Data
    259
- Event Configuration
  261
  - Event Mapping
    261
  - Renaming Tags
    265
- Report Data Configuration
  266
- User Configurations
  271
  - Oracle and Microsoft SQL 2005 Authentication
    271
  - Windows Authentication
    271
  - Opening the User Manager Window
    272
  - Creating a User Account
    272
  - Modifying a User Account
    276
  - Viewing Details of a User Account
    277
  - Cloning a User Account
    277
  - Deleting a User Account
    277
  - Terminating an Active Session
    277
  - Adding an Itrac Role
    278
  - Deleting an Itrac Role
    278
  - Viewing Details of a Role
    279
Sentinel Data Manager

281
- Understanding Sentinel Data Manager
  281
- Starting the SDM GUI
  281
  - Partitions Tab
    283
  - Tablespaces Tab
    286
  - Partition Configuration
    287
- SDM Command Line
  289
  - General Syntax of the SDM Command
    289
  - Starting SDM GUI
    289
  - Viewing Sentinel Database Space Usage
    289
Utilities

291
- Introduction to Sentinel Utilities
  291
- Starting and Stopping Sentinel Server
  291
  - Starting a Sentinel Server
    292
  - Stopping a Sentinel Server
    292
- Sentinel Scripts
  292
  - Operational Scripts
    293
  - Troubleshooting Scripts
    295
- Version Information
  298
- Database Cleanup
  299
  - Components
    300
  - Prerequisites
    301
- Updating Your License Key
  304
Quick Start

307
- Security Analysts
  307
  - Active Views Tab
    307
  - Exploit Detection
    308
  - Asset Data
    308
Chapter 8, "Advisor Usage and Maintenance," on

308
- Event Query
  309
- Creating Incidents
  310
- Itrac
  312
  - Instantiating a Process
    312
Chapter 3, "Correlation Tab," on

312
Chapter 4, "Incidents Tab," on

312
- Report Analyst
  325
  - Analysis Tab
    325
- Administrators
  326
  - Simple Correlation
    326
Solution Packs

331
- Components of a Solution Pack
  331
- Permissions for Using Solution Packs
  333
- Solution Manager
  334
  - Solution Manager Interface
    334
- Managing Solution Packs
  336
  - Importing Solution Packs
    336
  - Opening Solution Packs
    338
  - Installing Content from Solution Packs
    340
  - Implementing Controls
    348
  - Testing Controls
    349
  - Uninstalling Controls
    350
  - Viewing Solution Pack Status
    351
  - Deleting Solution Packs
    353
- Solution Designer
  354
  - Solution Designer Interface
    354
  - Connection Modes
    356
  - Creating a Solution Pack
    357
  - Managing Content Hierarchy Nodes
    357
  - Adding Content to a Solution Pack
    358
  - Documenting a Solution Pack
    362
  - Editing a Solution Pack
    363
- Deploying an Edited Solution Pack
  364
Actions and Integrator

365
- Overview
  365
- Action Manager
  366
  - Permissions for Using Action Plugins
    366
- Action Plugins
  367
  - Importing Javascript Action Plugins
    367
  - Importing Javascript Files
    370
- Actions
  379
  - Creating Actions
    379
  - Editing Actions
    380
  - Deleting Actions
    380
  - Using Javascript Actions
    381
  - Developing Javascript Actions
    381
Chapter 11, "Administration," on

381
- Integrator Manager
  385
  - Permissions for Using Integrators
    386
- Integrator Plugins
  387
  - Importing Integrator Plugins
    387
  - Integrators
    388
  - Deleting Integrator Plugins
    388
  - Creating an Integrator Instance
    388
  - Editing an Integrator Instance
    388
  - Deleting an Integrator Instance
    389
  - Integrator Connection Status
    389
  - Viewing Integrator Health Details
    389
  - Integrator Events Query
    391
  - Using Integrators from Actions
    392
Sentinel Link Solution

393
Identity Integration

431
- Overview
  431
  - Integration with Novell Identity Manager
    432
- Identity Browser
  434
  - Searching Profiles
    435
  - Viewing Profile Details
    436
- Reports
  439
A Sentinel Architecture

441
- Sentinel Features
  441
- Functional Architecture
  441
  - A.1 Sentinel Features
    441
  - A.2 Functional Architecture
    441
- Architecture Overview
  442
  - Iscale Platform
    442
    
    A.3 Architecture Overview
    442
    
    A.3.1 Iscale Platform
    442
  - Sentinel Event
    444
  - A.3.2 Sentinel Event
    444
  - Event Source Management
    447
  - Application Integration
    448
  - Time
    448
    
    A.3.4 Application Integration
    448
    
    A.3.5 Time
    448
  - System Events
    449
  - A.3.6 System Events
    449
  - Processes
    450
  - A.3.7 Processes
    450
- Logical Architecture
  452
  - A.4 Logical Architecture
    452
  - Collection and Enrichment Layer
    453
  - Business Logic Layer
    456
  - A.4.3 Presentation Layer
    464
  - Presentation Layer
    464
Appendix B, "System Events for Sentinel," on

450

NOVELL SENTINEL 6.1 SP2 Reference Manual (232 pages)

Brand: NOVELL | Category: Software | Size: 3 MB

Table of Contents

5
- Preface
  
  13
  - Sentinel TM User Reference Introduction
    15
- 2 Sentinel Event Fields
  
  17
  - Event Field Labels and Tags
    17
    
    Free-Form Filters and Correlation Rules
    18
    
    Actions
    19
    
    Javascript Collectors
    21
    
    Proprietary Collectors
    21
  - List of Fields and Representations
    21
- 3 Sentinel Control Center User Permissions
  
  31
  - General
    33
    
    General – Manage Private Filters of Other Users
    33
    
    General – Public Filters
    33
    
    General – Integration Actions
    34
  - Active Views
    34
    
    Active Views – Active Views
    34
    
    Active Views – Menu Items
    34
  - Itrac
    35
    
    Itrac - Process Management
    35
    
    Itrac - Template Management
    35
  - Incidents
    35
  - Integrators
    36
  - Actions
    36
  - Event Source Management
    37
  - Analysis Tab
    37
  - Advisor Tab
    37
  - Administration
    38
    
    Administration – Global Filters
    38
    
    Administration – Server Views
    38
  - Correlation
    39
  - Solution Pack
    39
  - Identity
    39
- 4 Sentinel Correlation Engine Rulelg Language
  
  41
  - Correlation Rulelg Language Overview
    41
  - Event Fields
    41
  - Event Operations
    42
    
    Filter Operation
    42
    
    Window Operation
    44
    
    Trigger Operation
    45
  - Rule Operations
    46
    
    Gate Operation
    46
    
    Flow Operator
    47
    
    Sequence Operation
    47
  - Operators
    47
    
    Discriminator Operator
    48
    
    Intersection Operator
    48
    
    Union Operator
    48
  - Order of Operators
    48
  - Differences between Correlation in 5.X and 6.X
    49
- 5 Sentinel Data Access Service
  
  51
  - Reconfiguring Database Connection Properties
    51
  - DAS Container Files
    51
    
    DAS Logging Properties Configuration Files
    52
    
    Certificate Management for Das_Proxy
    54
- 6 Sentinel Accounts and Password Changes
  
  59
  - Native Database Authentication
    59
  - Windows Authentication
    59
  - Sentinel Default Users
    59
    
    Changing Password
    60
  - Password Changes
    60
    
    Sentinel Updates after a Password Change
    61
- 7 Sentinel Database Views for Oracle
  
  65
  - Actvy_Parm_Rpt_V
    65
    
    Actvy_Ref_Parm_Val_Rpt_V
    65
    
    Views
    65
  - Actvy_Ref_Rpt_V
    66
  - Actvy_Rpt_V
    66
  - Adv_Nxs_Feed_V
    67
    
    Adv_Nxs_Products_V
    68
    
    Adv_Nxs_Signatures_V
    69
  - Adv_Nxs_Mappings_V
    69
  - Adv_Osvdb_Details_V
    70
  - Adv_Nxs_Kb_Patch_V
    73
  - Adv_Nxs_Kb_Productsref_V
    74
    
    Asset_Category_Rpt_V
    74
    
    Asset_Hostname_Rpt_V
    75
    
    Asset_Ip_Rpt_V
    75
    
    Asset_Location_Rpt_V
    75
    
    Asset_Rpt_V
    76
  - Asset_Value_Rpt_V
    76
  - Asset_X_Entity_X_Role_Rpt_V
    77
  - Associations_Rpt_V
    77
  - Attachments_Rpt_V
    78
  - Audit_Record_Rpt_V
    78
  - Configs_Rpt_V
    79
  - Contacts_Rpt_V
    79
  - CORRELATED_EVENTS_RPT_V (Legacy View)
    80
    
    Correlated_Events_Rpt_V1
    80
    
    Criticality_Rpt_V
    80
  - Cust_Hierarchy_V
    81
  - Cust_Rpt_V
    81
    
    Entity_Type_Rpt_V
    81
    
    Env_Identity_Rpt_V
    82
    
    Esec_Content_Grp_Content_Rpt_V
    82
  - Esec_Content_Grp_Rpt_V
    83
  - Esec_Content_Pack_Rpt_V
    83
    
    Esec_Content_Rpt_V
    83
  - Esec_Ctrl_Ctgry_Rpt_V
    84
  - Esec_Ctrl_Rpt_V
    84
    
    Esec_Display_Rpt_V
    85
  - Esec_Port_Reference_Rpt_V
    86
  - Esec_Protocol_Reference_Rpt_V
    86
  - Esec_Sequence_Rpt_V
    87
    
    Esec_Uuid_Uuid_Assoc_Rpt_V
    87
    
    EVENTS_ALL_RPT_V (Legacy View)
    87
7.1.43 Events_All_Rpt_V1 (Legacy View)

88
- EVENTS_ALL_RPT_V1 (Legacy View)
  88
- EVENTS_RPT_V (Legacy View)
  88
- EVENTS_RPT_V1 (Legacy View)
  88
- Events_Rpt_V2
  88
- Column Name
  89
  - Event_Id
    92
  - Severity
    92
  - Sub_Resource
    92
- Events_Rpt_V3
  92
- Begin_Time
  93
- Cust_Id
  93
- End_Time
  93
- Event_Datetime
  93
- Event_Name
  93
- Event_Time
  93
- Repeat_Count
  93
- Evt_Agent_Rpt_V
  96
- Evt_Agent_Rpt_V3
  97
- Evt_Asset_Rpt_V
  97
  - Evt_Asset_Rpt_V3
    98
- Evt_Dest_Evt_Name_Smry_1_Rpt_V
  99
- Evt_Dest_Smry_1_Rpt_V
  99
- Evt_Dest_Txnmy_Smry_1_Rpt_V
  100
- Evt_Name_Rpt_V
  100
- Evt_Port_Smry_1_Rpt_V
  101
  - Evt_Prtcl_Rpt_V
    101
- Evt_Prtcl_Rpt_V3
  102
  - Evt_Rsrc_Rpt_V
    102
  - Evt_Sev_Smry_1_Rpt_V
    102
- Evt_Src_Collector_Rpt_V
  103
  - Evt_Src_Grp_Rpt_V
    103
  - Evt_Src_Mgr_Rpt_V
    104
  - Evt_Src_Offset_Rpt_V
    104
- Evt_Src_Rpt_V
  104
- Evt_Src_Smry_1_Rpt_V
  105
  - Evt_Src_Srvr_Rpt_V
    106
  - Evt_Txnmy_Rpt_V
    106
  - Evt_Usr_Rpt_V
    106
- Evt_Xdas_Txnmy_Rpt_V
  107
- External_Data_Rpt_V
  107
- HIST_CORRELATED_EVENTS_RPT_V (Legacy View)
  108
  - HIST_EVENTS_RPT_V (Legacy View)
    108
  - Images_Rpt_V
    108
- Incidents_Assets_Rpt_V
  108
  - Incidents_Events_Rpt_V
    109
  - Incidents_Rpt_V
    109
- Incidents_Vuln_Rpt_V
  110
  - Logs_Rpt_V
    110
  - L_Stat_Rpt_V
    110
  - Mssp_Associations_V
    111
- Network_Identity_Rpt_V
  111
- Organization_Rpt_V
  111
  - Person_Rpt_V
    112
  - Physical_Asset_Rpt_V
    112
  - Product_Rpt_V
    113
- Role_Rpt_V
  113
  - Rpt_Labels_Rpt_V
    113
  - Sensitivity_Rpt_V
    114
  - Sentinel_Host_Rpt_V
    114
  - Sentinel_Plugin_Rpt_V
    114
  - Sentinel_Rpt_V
    115
  - States_Rpt_V
    115
  - Unassigned_Incidents_Rpt_V
    116
  - Users_Rpt_V
    116
  - Usr_Account_Rpt_V
    117
  - Usr_Identity_Ext_Attr_Rpt_V
    117
  - Usr_Identity_Rpt_V
    118
  - Vendor_Rpt_V
    118
  - Vuln_Calc_Severity_Rpt_V
    119
  - Vuln_Code_Rpt_V
    119
  - Vuln_Info_Rpt_V
    120
  - Vuln_Rpt_V
    120
  - Vuln_Rsrc_Rpt_V
    121
  - Vuln_Rsrc_Scan_Rpt_V
    122
  - Vuln_Scan_Rpt_V
    122
  - Vuln_Scan_Vuln_Rpt_V
    122
  - Vuln_Scanner_Rpt_V
    123
  - Workflow_Def_Rpt_V
    123
  - Deprecated Views
    124
  - Workflow_Info_Rpt_V
    124
- 8 Sentinel Database Views for Microsoft SQL Server
  
  125
  - Views
    125
    
    Actvy_Parm_Rpt_V
    125
    
    Actvy_Ref_Parm_Val_Rpt_V
    125
    
    Actvy_Ref_Rpt_V
    126
    
    Actvy_Rpt_V
    126
    
    Adv_Nxs_Feed_V
    127
    
    Adv_Nxs_Products_V
    127
    
    Adv_Nxs_Signatures_V
    128
    
    Adv_Nxs_Mappings_V
    129
    
    Adv_Osvdb_Details_V
    130
    
    Adv_Nxs_Kb_Patch_V
    132
    
    Adv_Nxs_Kb_Productsref_V
    133
    
    Annotations_Rpt_V
    133
    
    Asset_Category_Rpt_V
    134
    
    Asset_Hostname_Rpt_V
    134
    
    Asset_Ip_Rpt_V
    134
    
    Asset_Location_Rpt_V
    135
    
    Asset_Rpt_V
    135
    
    Asset_Value_Rpt_V
    136
    
    Asset_X_Entity_X_Role_Rpt_V
    136
    
    Associations_Rpt_V
    137
    
    Attachments_Rpt_V
    137
    
    Audit_Record_Rpt_V
    138
    
    Configs_Rpt_V
    138
    
    Contacts_Rpt_V
    139
    
    CORRELATED_EVENTS_RPT_V (Legacy View)
    139
    
    Correlated_Events_Rpt_V1
    139
    
    Criticality_Rpt_V
    140
    
    Cust_Hierarchy_V
    140
    
    Cust_Rpt_V
    141
    
    Entity_Type_Rpt_V
    141
    
    Env_Identity_Rpt_V
    141
    
    Esec_Content_Grp_Content_Rpt_V
    142
    
    Esec_Content_Grp_Rpt_V
    142
    
    Esec_Content_Pack_Rpt_V
    143
  - Esec_Content_Rpt_V
    143
    
    Esec_Ctrl_Ctgry_Rpt_V
    143
    
    Esec_Ctrl_Rpt_V
    144
  - Esec_Display_Rpt_V
    144
    
    Esec_Port_Reference_Rpt_V
    145
    
    Esec_Protocol_Reference_Rpt_V
    146
    
    Esec_Sequence_Rpt_V
    146
  - Esec_Uuid_Uuid_Assoc_Rpt_V
    147
  - EVENTS_ALL_RPT_V (Legacy View)
    147
  - EVENTS_ALL_RPT_V1 (Legacy View)
    147
  - EVENTS_ALL_V (Legacy View)
    147
    
    EVENTS_RPT_V (Legacy View)
    147
    
    EVENTS_RPT_V1 (Legacy View)
    147
    
    Events_Rpt_V2
    147
    
    Events_Rpt_V3
    152
    
    Evt_Agent_Rpt_V
    156
    
    Evt_Agent_Rpt_V3
    157
    
    Evt_Asset_Rpt_V
    157
  - Evt_Asset_Rpt_V3
    158
    
    Evt_Dest_Evt_Name_Smry_1_Rpt_V
    159
    
    Evt_Dest_Smry_1_Rpt_V
    159
    
    Evt_Dest_Txnmy_Smry_1_Rpt_V
    160
    
    Evt_Name_Rpt_V
    161
  - Evt_Port_Smry_1
    161
  - Evt_Prtcl_Rpt_V
    162
    
    Evt_Port_Smry_1_Rpt_V
    162
  - Evt_Rsrc_Rpt_V
    162
  - Evt_Sev_Smry_1_Rpt_V
    163
    
    Evt_Src_Collector_Rpt_V
    163
  - Evt_Src_Grp_Rpt_V
    164
  - Evt_Src_Mgr_Rpt_V
    164
  - Evt_Src_Offset_Rpt_V
    164
    
    Evt_Src_Rpt_V
    165
    
    Evt_Src_Smry_1_Rpt_V
    165
  - Evt_Txnmy_Rpt_V
    166
  - Evt_Src_Srvr_Rpt_V
    166
  - Evt_Usr_Rpt_V
    167
    
    Evt_Xdas_Txnmy_Rpt_V
    167
    
    External_Data_Rpt_V
    168
  - Hist_Correlated_Events
    168
  - Hist_Events
    169
    
    HIST_CORRELATED_EVENTS_RPT_V (Legacy View)
    169
  - HIST_EVENTS_RPT_V (Legacy View)
    172
  - Images_Rpt_V
    172
    
    Incidents_Assets_Rpt_V
    172
  - Incidents_Rpt_V
    173
  - Incidents_Events_Rpt_V
    173
  - L_Stat_Rpt_V
    174
    
    Incidents_Vuln_Rpt_V
    174
  - Logs_Rpt_V
    175
  - Mssp_Associations_V
    175
    
    Network_Identity_Rpt_V
    175
    
    Organization_Rpt_V
    176
  - Person_Rpt_V
    176
  - Physical_Asset_Rpt_V
    176
    
    Role_Rpt_V
    177
  - Product_Rpt_V
    177
    
    Rpt_Labels_Rpt_V
    178
    
    Sensitivity_Rpt_V
    178
    
    Sentinel_Host_Rpt_V
    178
    
    Sentinel_Plugin_Rpt_V
    179
    
    Sentinel_Rpt_V
    179
    
    States_Rpt_V
    179
    
    Unassigned_Incidents_Rpt_V
    180
    
    Users_Rpt_V
    180
    
    Usr_Account_Rpt_V
    181
    
    Usr_Identity_Ext_Attr_Rpt_V
    182
    
    Usr_Identity_Rpt_V
    182
    
    Vendor_Rpt_V
    182
    
    Vuln_Calc_Severity_Rpt_V
    183
    
    Vuln_Code_Rpt_V
    183
    
    Vuln_Info_Rpt_V
    184
    
    Vuln_Rpt_V
    184
    
    Vuln_Rsrc_Rpt_V
    185
    
    Vuln_Rsrc_Scan_Rpt_V
    186
    
    Vuln_Scan_Rpt_V
    186
    
    Vuln_Scan_Vuln_Rpt_V
    186
    
    Vuln_Scanner_Rpt_V
    187
    
    Workflow_Def_Rpt_V
    187
    
    Workflow_Info_Rpt_V
    187
    
    Deprecated Views
    188
    
    B.1 Sentinel Services
    193
    
    B.2 Introduction to Service Logon Accounts
    193
    
    B.2.1 Disadvantages of Running a Service in the Context of a User Logon
    194
    
    B.3 to Setup NT Authority\Networkservice as the Logon Account for Sentinel Service
    195
    
    Instances
    195
    
    B.3.2 Changing Logon Account
    198
    
    B.3.3 Setting the Sentinel Service to Start Successfully
    199
    
    C.1 Advisor
    201
    
    C.2 Collector Manager
    202
    
    C.3 Correlation Engine
    203
    
    C.4 Data Access Server (DAS)
    204
    
    C.5 Sentinel Communication Server
    205
    
    C.6 Sentinel Service
    206
    
    C.7 Reporting Server
    206
    
    D.1 Sentinel Database Instance
    207
    
    D.1.1 Esec
    207
    
    D.1.2 Esec_Wf
    207
    
    D.2 Sentinel Database Users
    207
    
    D.2.1 Summary
    208
    
    D.2.2 Esecadm
    208
    
    D.2.3 Esecapp
    208
    
    D.2.4 Esecdba
    209
    
    D.2.5 Esecrpt
    209
    
    D.3 Sentinel Database Roles
    209
    
    D.3.1 Summary
    209
    
    D.3.2 Esec_App
    209
    
    D.3.3 Esec_Etl
    218
    
    D.3.4 Esec_User
    224
    
    D.4 Sentinel Server Roles
    228
    
    D.5 Windows Domain Authentication DB Users and Permissions
    228
- E Sentinel Log Locations
  
  229
  - E.1 Sentinel Data Manager
    229
  - E.2 Itrac
    229
  - E.3 Advisor
    230
  - E.4 Event Insertion
    230
  - E.5 Database Queries
    230
  - E.6 Active Views
    230
  - E.7 Aggregation
    231
  - E.8 Wrapper
    231
  - E.9 Collector Manager
    231
  - E.10 Correlation Engine
    231
  - E.11 Sentinel Control Center
    232
  - E.12 das Proxy
    232
  - E.13 Solution Designer
    232
  - E.14 Multiple Instances
    232

NOVELL SENTINEL 6.1 SP2 Installation Manual (176 pages)

Brand: NOVELL | Category: Software | Size: 3 MB

Novell Categories

Software Server Print Server Gateway

Desktop

More Novell Manuals

Novell SENTINEL 6.1 SP2 Manuals

NOVELL SENTINEL 6.1 SP2 User Manual (528 pages)

Table of Contents

Preface

Sentinel Control Center

Active Views Tab

Correlation Tab

Incidents Tab

Chapter 5, "Itrac Workflows," on

Itrac Workflows

Work Items

Analysis Tab

Chapter 2, "Active Views Tab," on

Advisor Usage and Maintenance

Download Manager

Chapter 10, "Event Source Management," on

Event Source Management

Administration

Sentinel Data Manager

Utilities

Quick Start

Chapter 8, "Advisor Usage and Maintenance," on

Chapter 3, "Correlation Tab," on

Chapter 4, "Incidents Tab," on

Solution Packs

Actions and Integrator

Chapter 11, "Administration," on

Sentinel Link Solution

Identity Integration

A Sentinel Architecture

Appendix B, "System Events for Sentinel," on

NOVELL SENTINEL 6.1 SP2 Reference Manual (232 pages)

Table of Contents

Table of Contents

Preface

2 Sentinel Event Fields

3 Sentinel Control Center User Permissions

4 Sentinel Correlation Engine Rulelg Language

5 Sentinel Data Access Service

6 Sentinel Accounts and Password Changes

7 Sentinel Database Views for Oracle

7.1.43 Events_All_Rpt_V1 (Legacy View)

8 Sentinel Database Views for Microsoft SQL Server

E Sentinel Log Locations

NOVELL SENTINEL 6.1 SP2 Installation Manual (176 pages)

Table of Contents

Preface

Introduction

System Requirements

Installing Sentinel 6.1 SP2

Testing the Installation

Adding Sentinel Components

Communication Layer (Iscale)

Crystal Reports for Windows

Chapter 7, "Crystal Reports for Windows," on

Related Products

Novell Categories