NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 06-15-2009 Manuals

Manuals and User Guides for NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 06-15-2009. We have 1 NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 06-15-2009 manual available for free PDF download: Reference Manual

NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 06-15-2009 Reference Manual

NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 06-15-2009 Reference Manual (136 pages)

Brand: NOVELL | Category: Software | Size: 1.95 MB

Table of Contents

Table of Contents
5
About this Guide

9
1 Sentinel 6.1 Rapid Deployment Event Fields

11
- Event Field Labels and Tags
  11
  - Free-Form Filters and Correlation Rules
    12
  - Actions
    13
  - Proprietary Collectors
    15
  - Javascript Collectors
    15
- List of Fields and Representations
  15
2 Sentinel 6.1 Rapid Deployment Control Center User Permissions

25
- Changing User Permissions
  25
- General
  27
- Active Views
  28
  - Active Views - Menu Items
    29
- Itrac
  29
  - Itrac - Template Management
    29
  - Itrac - Process Management
    30
- Incidents
  30
- Integrators
  30
- Actions
  31
- Event Source Management
  31
- Analysis Tab
  32
- Administration
  32
  - Administration - Global Filters
    32
  - Administration - Server Views
    33
- Correlation
  33
- Solution Pack
  33
- Identity
  33
- Reporting
  34
- Downloading
  35
- Java Webstart
  35
3 Sentinel 6.1 Rapid Deployment Correlation Engine Rulelg Language

37
- Correlation Rulelg Language Overview
  37
- Event Fields
  38
- Event Operations
  38
  - Filter Operation
    38
  - Window Operation
    40
  - Trigger Operation
    42
- Rule Operations
  42
  - Gate Operation
    43
  - Sequence Operation
    43
- Operators
  44
  - Flow Operator
    44
  - Union Operator
    44
  - Intersection Operator
    44
  - Discriminator Operator
    45
- Order of Operators
  45
- Differences between Correlation in 5.X and 6.X
  45
4 Sentinel 6.1 Rapid Deployment Data Access Service

47
- DAS Container Files
  47
  - Reconfiguring Database Connection Properties
    47
  - DAS Logging Properties Configuration Files
    48
5 Sentinel 6.1 Rapid Deployment Accounts and Password Changes

51
- Sentinel Default Users
  51
- Password Changes
  51
  - Changing Application User Passwords
    52
  - Changing Database Passwords
    52
6 Sentinel 6.1 Rapid Deployment Database Views for Postgresql

55
- Views
  55
  - Actvy_Parm_Rpt_V
    58
  - Actvy_Ref_Parm_Val_Rpt_V
    59
  - Actvy_Ref_Rpt_V
    59
  - Actvy_Rpt_V
    59
  - Adv_Attack_Map_Rpt_V
    60
  - Adv_Attack_Plugin_Rpt_V
    60
  - Adv_Attack_Rpt_V
    61
  - Adv_Attack_Signatures
    62
  - Adv_Feed_Rpt_V
    62
  - Adv_Master_Rpt_V
    63
  - Adv_Product_Rpt_V
    63
  - Adv_Product_Service_Pack_Rpt_V
    64
  - Adv_Product_Version_Rpt_V
    64
  - Adv_Vendor_Rpt_V
    65
  - Adv_Vuln_Kb_Rpt_V
    66
  - Adv_Vuln_Product_Rpt_V
    66
  - Adv_Vuln_Signatures
    67
  - Annotations_Rpt_V
    67
  - Asset_Category_Rpt_V
    67
  - Asset_Hostname_Rpt_V
    68
  - Asset_Ip_Rpt_V
    68
  - Asset_Location_Rpt_V
    68
  - Asset_Rpt_V
    69
  - Asset_Value_Rpt_V
    69
  - Asset_X_Entity_X_Role_Rpt_V
    70
  - Associations_Rpt_V
    70
  - Attachments_Rpt_V
    71
  - Audit_Record_Rpt_V
    71
  - Configs_Rpt_V
    72
  - Contacts_Rpt_V
    72
  - CORRELATED_EVENTS_RPT_V (Legacy View)
    73
  - Correlated_Events_Rpt_V1
    73
  - Criticality_Rpt_V
    73
- Cust_Hierarchy_V
  74
- Cust_Rpt_V
  74
- Entity_Type_Rpt_V
  75
- Env_Identity_Rpt_V
  75
- Esec_Content_Grp_Content_Rpt_V
  75
- Esec_Content_Grp_Rpt_V
  76
- Esec_Content_Pack_Rpt_V
  76
- Esec_Content_Rpt_V
  76
- Esec_Ctrl_Ctgry_Rpt_V
  77
- Esec_Ctrl_Rpt_V
  77
- Esec_Display_Rpt_V
  78
- Esec_Port_Reference_Rpt_V
  79
- Esec_Protocol_Reference_Rpt_V
  79
- Esec_Sequence_Rpt_V
  80
- Esec_Uuid_Uuid_Assoc_Rpt_V
  80
- EVENTS_ALL_RPT_V (Legacy View)
  80
- EVENTS_ALL_RPT_V1 (Legacy View)
  81
- EVENTS_ALL_V (Legacy View)
  81
- EVENTS_RPT_V (Legacy View)
  81
- EVENTS_RPT_V1 (Legacy View)
  81
- Events_Rpt_V2
  81
- Events_Rpt_V3
  86
- Evt_Agent_Rpt_V
  90
- Evt_Agent_Rpt_V3
  91
- Evt_Asset_Rpt_V
  91
- Evt_Asset_Rpt_V3
  93
- Evt_Dest_Evt_Name_Smry_1_Rpt_V
  94
- Evt_Dest_Smry_1_Rpt_V
  94
- Evt_Dest_Txnmy_Smry_1_Rpt_V
  95
- Evt_Name_Rpt_V
  95
- Evt_Port_Smry_1_Rpt_V
  96
- Evt_Prtcl_Rpt_V
  96
- Evt_Prtcl_Rpt_V3
  97
- Evt_Rsrc_Rpt_V
  97
- Evt_Sev_Smry_1_Rpt_V
  97
- Evt_Src_Collector_Rpt_V
  98
- Evt_Src_Grp_Rpt_V
  98
- Evt_Src_Mgr_Rpt_V
  99
- Evt_Src_Offset_Rpt_V
  99
- Evt_Src_Rpt_V
  99
- Evt_Src_Smry_1_Rpt_V
  100
- Evt_Src_Srvr_Rpt_V
  101
- Evt_Txnmy_Rpt_V
  101
- Evt_Usr_Rpt_V
  102
- Evt_Xdas_Txnmy_Rpt_V
  102
- External_Data_Rpt_V
  102
- HIST_CORRELATED_EVENTS_RPT_V (Legacy View)
  103
- HIST_EVENTS_RPT_V (Legacy View)
  103
- Images_Rpt_V
  103
- Incidents_Assets_Rpt_V
  103
- Incidents_Events_Rpt_V
  104
- Incidents_Rpt_V
  104
- Incidents_Vuln_Rpt_V
  105
- L_Stat_Rpt_V
  105
- Logs_Rpt_V
  106
- Mssp_Associations_V
  106
- Network_Identity_Rpt_V
  106
- Organization_Rpt_V
  107
- Person_Rpt_V
  107
  - Physical_Asset_Rpt_V
    107
  - Product_Rpt_V
    108
  - Role_Rpt_V
    108
  - Rpt_Labels_Rpt_V
    109
  - Sensitivity_Rpt_V
    109
  - Sentinel_Host_Rpt_V
    109
  - Sentinel_Plugin_Rpt_V
    110
  - Sentinel_Rpt_V
    110
  - States_Rpt_V
    110
  - Unassigned_Incidents_Rpt_V
    111
  - Users_Rpt_V
    111
  - Usr_Account_Rpt_V
    112
  - Usr_Identity_Ext_Attr_Rpt_V
    113
  - Usr_Identity_Rpt_V
    113
  - Vendor_Rpt_V
    114
  - Vuln_Calc_Severity_Rpt_V
    114
  - Vuln_Code_Rpt_V
    114
  - Vuln_Info_Rpt_V
    115
  - Vuln_Rpt_V
    115
  - Vuln_Rsrc_Rpt_V
    116
  - Vuln_Rsrc_Scan_Rpt_V
    117
  - Vuln_Scan_Rpt_V
    117
  - Vuln_Scan_Vuln_Rpt_V
    118
  - Vuln_Scanner_Rpt_V
    118
  - Workflow_Def_Rpt_V
    118
  - Workflow_Info_Rpt_V
    119
  - Deprecated Views
    119
A Sentinel 6.1 Rapid Deployment Troubleshooting Checklist

121
B Sentinel 6.1 Rapid Deployment Service Permission Tables

125
- Advisor
  125
- B.1 Advisor
  125
- Collector Manager
  126
- B.2 Collector Manager
  126
- Correlation Engine
  127
- B.3 Correlation Engine
  127
- Data Access Server (DAS)
  128
- Sentinel Communication Server
  129
- Sentinel Service
  130
- B.6 Sentinel Service
  130
- Reporting Engine
  131
- B.7 Reporting Engine
  131
C Sentinel 6.1 Rapid Deployment Log Locations

133
- Sentinel Data Manager
  133
- Itrac
  133
- Advisor
  133
- DAS Server
  133
  - C.2 Itrac
    133
  - C.3 Advisor
    133
  - C.4 das Server
    133
- Event Insertion
  134
- Messaging
  134
- Collector Manager
  134
- Correlation Engine
  134
- Sentinel Control Center
  134
  - C.5 Event Insertion
    134
  - C.6 Messaging
    134
  - C.7 Collector Manager
    134
  - C.8 Correlation Engine
    134
  - C.9 Sentinel Control Center
    134

Advertisement

Advertisement

Related Products

NOVELL Categories

Software Server

Desktop

Printer

Printer Recording Equipment

More NOVELL Manuals