NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 Manuals
Manuals and User Guides for NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009. We have 1 NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 manual available for free PDF download: User Manual
NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual (480 pages)
Brand: NOVELL | Category: Software | Size: 12.21 MB
Table of Contents
Table of Contents
5
About this Guide
17
1 Managing Sentinel 6.1 Rapid Deployment through the Web Interface
19
Accessing the Novell Sentinel Web Interface
19
Applications and Installers
19
Reporting
21
Running Reports
21
Viewing Reports
24
Scheduling a Report
26
Managing Reports
27
Searching Events
31
Running an Event Search
31
Viewing Search Results
34
Event Fields
37
2 Sentinel Control Center
41
Log in to the Sentinel Control Center
41
Linux
41
Windows
41
About Sentinel Control Center
42
Active Views
43
Incidents
43
Itrac
43
Analysis
44
Admin
44
Correlation
44
Event Source Management
44
Solution Packs
45
Identity Integration
45
Introduction to the User Interface
45
Menu Bar
46
Toolbar
46
Tabs
48
Frames
48
Using the Sentinel Control Center to Navigate
48
Changing the Appearance of the Sentinel Control Center
49
Saving User Preferences
50
Changing Password
50
Configuring the Attachment Viewer
50
3 Active Views Tab
53
Understanding Active Views
53
Introduction to the User Interface
54
Reconfiguring Total Display Time
57
Viewing Real-Time Events
57
Resetting the Parameters and Chart Type of an Active View
60
Rotating a 3D Bar or Ribbon Chart
61
Showing and Hiding Event Details
61
Sending Mail Messages about Events and Incidents
62
Creating Incidents
63
Viewing Events that Trigger Correlated Events
64
Investigating an Event or Events
65
Investigate: Event Query
66
Investigate: Graph Mapper
66
Historical Event Query
67
Active Browser
68
Viewing Advisor Data
70
Viewing Asset Data
71
Viewing Vulnerabilities
72
Ticketing System Integration
77
Viewing User Information
77
Using Custom Menu Options with Events
77
Managing Columns in a Snapshot or Navigator Window
78
Taking a Snapshot of a Navigator Window
79
Sorting Columns in a Snapshot
79
Closing a Snapshot or Navigator
79
Adding Events to an Incident
79
4 Correlation Tab
83
Understanding Correlation
83
Technical Implementation
84
Introduction to the User Interface
85
Correlation Rules
85
Opening the Correlation Rule Manager
86
Creating a Rule Folder
86
Renaming a Rule Folder
86
Deleting a Rule Folder
86
Creating a Correlation Rule
86
Creating Correlation Rules
87
Deploying and Undeploying Correlation Rules
95
Enabling and Disabling Rules
96
Renaming and Deleting a Correlation Rule
96
Sorting Correlation Rules
96
Moving a Correlation Rule
97
Importing a Correlation Rule
97
Exporting a Correlation Rule
98
Dynamic Lists
98
Adding a Dynamic List
99
Modifying a Dynamic List
100
Deleting a Dynamic List
100
Removing Dynamic List Elements
100
Using a Dynamic List in a Correlation Rule
100
Correlation Engine
102
Starting or Stopping a Correlation Engine
102
Renaming a Correlation Engine
102
Correlation Actions
102
Configuring a Correlated Event
103
Adding to a Dynamic List
104
Removing a Value from a Dynamic List
105
Executing a Command
106
Creating an Incident
107
Sending an E-Mail
108
Imported Javascript Action Plugins
108
5 Incidents Tab
109
Understanding an Incident
109
Introduction to User Interface
109
Incident View
110
Incident
110
Manage Incident Views
111
Adding a View
111
Modifying a View
114
Deleting a View
115
Default View
115
Manage Incidents
115
Creating Incidents
115
Viewing an Incident
116
Attaching Workflows to Incidents
116
Adding Notes to Incidents
117
Adding Attachments to Incidents
117
Executing Incident Actions
118
E-Mailing an Incident
119
Modifying Incidents
120
Deleting Incidents
121
Switch between Existing Incident Views
121
6 Itrac Workflows
123
Understanding Itrac Workflows
123
Introduction to the User Interface
124
Template Manager
125
Default Templates
125
Template Builder Interface
126
Creating Templates
127
Managing Templates
128
Steps
129
Start Step
130
Manual Step
130
Decision Step
134
Mail Step
134
Command Step
134
Activity Step
135
End Step
136
Adding Steps to a Workflow
136
Managing Steps
136
Transitions
141
Unconditional Transitions
141
Conditional Transitions
142
Else Transitions
146
Timeout Transitions
146
Alert Transitions
147
Error Transition
148
Managing Transitions
148
Activities
149
Incident Command Activity
150
Incident Internal Activity
151
Eradication Activity
151
Incident Composite Activity
151
Creating Itrac Activities
151
Managing Activities
154
Process Management
155
Instantiating a Process
156
Automatic Step Execution
156
Manual Step Execution
157
Displaying Status
157
Displaying the Status of a Process
157
Changing Views in the Process Manager
158
Starting or Terminating a Process
159
7 Work Items
161
Work Item Summary
161
Processing a Work Item
164
Accepting and Completing a Work Item
164
Managing Work Items of Other Users
165
8 Analysis Tab
167
Introduction to the User Interface
167
Top Ten Dashboard
167
Offline Query
169
Creating an Offline Query
169
Viewing, Exporting, or Deleting an Offline Query
170
9 Event Source Management
171
Understanding Event Source Management
171
Using Event Source Management
171
Plug-In Repository
172
Auxiliary Files
172
Introduction to the User Interface
172
Menu Bar
173
Toolbar
174
Zoom
174
Frames
175
Live View
180
Graphical ESM View
180
Tabular ESM View
182
Right-Click Menu
182
Components of Event Source Hierarchy
184
Component Status Indicators
185
Adding Components to the Event Source Hierarchy
186
Collectors
186
Debugging
202
Collector Workspace and Collector Directory
203
Debugging Proprietary Collectors
203
Debugging Javascript Collectors
205
Using the Raw Data Tap to Generate a Flat File
209
Exporting a Configuration
210
Importing a Configuration
212
Enabling or Disabling the Import Configuration
213
Resetting the Layout
215
Undoing the Layout
215
Redo Layout
215
Event Source Management Scratchpad
216
Comparing Sentinel 5.X and Sentinel 6.0
216
10 Administration
219
Understanding the Admin Tab
219
Introduction to the User Interface
220
Servers View
221
Monitoring a Process
222
Creating a Servers View
222
Starting, Stopping, and Restarting Processes
223
Filters
223
Public Filters
223
Private Filters
224
Global Filters
224
Configuring Public and Private Filters
227
Color Filter Configuration
229
Configure Menu Options
232
Adding an Option to the Event Menu
234
Cloning an Event Menu Option
235
Modifying an Event Menu Option
236
Viewing Event Menu Option Parameters
236
Activating or Deactivating an Event Menu Option
236
Rearranging Event Menu Options
236
Deleting an Event Menu Option
236
Editing Your Event Menu Browser Settings
237
DAS Statistics
238
Mapping
239
Adding Map Definitions
241
Adding a Number Range Map Definition
243
Editing Map Definitions
246
Deleting Map Definitions
246
Updating Map Data
247
Event Configuration
249
Event Mapping
249
Renaming Tags
253
Report Data Configuration
254
Disabling or Enabling a Summary
255
Viewing Information for a Summary
256
Checking the Validity of a Summary
256
Query the Event Files for a Summary
257
Running the Event Files for a Summary
258
User Configurations
259
Opening the User Manager Window
259
Creating a User Account
259
Modifying a User Account
264
Viewing Details of a User Account
264
Cloning a User Account
264
Deleting a User Account
264
Terminating an Active User Session
264
Adding an Itrac Role
265
Deleting an Itrac Role
265
Viewing the Details of a Role
265
11 Sentinel Data Manager
267
Understanding the Sentinel Data Manager
267
Using the SDM GUI
267
Prerequisites
267
Starting the SDM GUI
268
Connecting to the Database
268
Partitions Tab
269
Tablespaces Tab
272
Partition Configuration
273
Managing Disk Space Allocation
275
Using the SDM Command Line
275
Prerequisite
276
Syntax of the SDM Command
276
Starting the SDM GUI
276
Saving Connection Properties for Sentinel Data Manager
276
Adding Partitions
277
Dropping Partitions
278
Viewing Partition Summaries
279
Archiving Data
280
Importing Data
281
Deleting Imported Data
282
Viewing Sentinel Database Space Usage
283
12 Utilities
285
Introduction to Sentinel Utilities
285
Starting and Stopping a Sentinel Server
285
Starting a Sentinel Server
286
Stopping a Sentinel Server
286
Sentinel Scripts
286
Operational Scripts
286
Troubleshooting Scripts
287
Version Information
289
Executable Version Information
289
Sentinel .Jar Version Information
289
Database Cleanup
289
Components
290
Prerequisites
290
Running Clean_Database.sh
290
Updating Your License Key
292
13 Quick Start
293
Security Analysts
293
Active Views Tab
293
Exploit Detection
294
Asset Data
295
Event Query
296
Creating Incidents
297
Itrac
298
Instantiating a Process
298
Correlation
308
Creating a Simple Correlation Rule
309
Deploying the Simple Correlation Rule
309
Viewing the Events that Triggered Your Correlated Event
310
14 Solution Packs
311
Components of a Solution Pack
312
Permissions for Using Solution Packs
313
Solution Manager
314
Solution Manager Interface
315
Managing Solution Packs
316
Importing Solution Packs
317
Opening Solution Packs
319
Installing Content from Solution Packs
321
Implementing Controls
325
Testing Controls
326
Uninstalling Controls
326
Viewing Solution Pack Status
328
Deleting Solution Packs
330
Solution Designer
331
Solution Designer Interface
331
Connection Modes
333
Creating a Solution Pack
334
Managing Content Hierarchy Nodes
335
Adding Content to a Solution Pack
336
Documenting a Solution Pack
338
Editing a Solution Pack
339
Deploying an Edited Solution Pack
340
15 Action Manager and Integrator
341
Action Manager
341
Action Plug-Ins
343
Importing Javascript Action Plug-Ins
343
Importing Javascript Files
346
Actions
354
Creating Actions
354
Editing Actions
355
Deleting Actions
355
Using Javascript Actions
355
Developing Javascript Actions
356
Integrator Manager
360
Permissions for Using Integrators
361
Integrator Plug-Ins
362
Importing Integrator Plugins
362
Deleting Integrator Plug-Ins
362
Integrators
363
Creating an Integrator Instance
363
Editing an Integrator Instance
363
Deleting an Integrator Instance
363
Integrator Connection Status
363
Viewing Integrator Health Details
364
Integrator Events Query
365
Using Integrators from Actions
367
16 Identity Integration
369
Integration with Novell Identity Manager
370
Identity Browser
373
Searching Profiles
373
Viewing Profile Details
374
Using the Clipboard Functionality
377
Reports
377
17 Advisor Usage and Maintenance
379
Understanding Advisor
379
Installing Advisor
381
Viewing Advisor Data
381
Using Menu Options to View Data
381
Maintaining Advisor
381
Updating Data in Advisor Tables
382
Changing the Advisor E-Mail Configuration
382
Changing the Scheduled Data Update Time
383
A Sentinel 6.1 Rapid Deployment Architecture
385
Sentinel 6.1 Rapid Deployment Features
385
Functional Architecture
385
A.2 Functional Architecture
385
Architecture Overview
387
Communication Server
388
A.3.1 Communication Server
388
Sentinel Events
389
A.3.2 Sentinel Events
389
Event Source Management
393
Application Integration
394
Time
394
A.3.4 Application Integration
394
A.3.5 Time
394
System Events
395
A.3.6 System Events
395
Processes
396
A.3.7 Processes
396
Logical Architecture
398
A.4 Logical Architecture
398
Collection and Enrichment Layer
399
Business Logic Layer
403
A.4.3 Presentation Layer
409
Presentation Layer
409
B System Events for Sentinel
413
Authentication Events
413
Authentication
413
B.1 Authentication Events
413
B.1.1 Authentication
413
Creating Entry for External User
414
Duplicate User Objects
414
Failed Authentication
414
B.1.4 Failed Authentication
414
Locked Account
415
B.1.5 Locked Account
415
No such User Event
415
Too Many Active Users
416
User Discovered
416
User Logged in
416
B.1.8 User Discovered
416
B.1.9 User Logged in
416
User Logged out
417
User Management
417
Add Users to Role
417
B.1.10 User Logged out
417
B.2 User Management
417
B.2.1 Add Users to Role
417
Create Role
418
Create User
418
B.2.2 Create Role
418
B.2.3 Create User
418
Creating User Account
418
Delete Role
419
B.2.5 Delete Role
419
Deleting User Account
419
Locking User Account
419
Remove Users from Role
420
Resetting Password
420
B.2.9 Resetting Password
420
Unlocking User Account
420
Updating User
421
Database Event Management
421
B.2.11 Updating User
421
B.3 Database Event Management
421
Diskspace Usage Reached Lower Threshold
422
Diskspace Usage Reached Upper Threshold
422
Dropping the Oldest Partition
422
Database Space Reached Specified Percent Threshold
423
Database Space Reached Specified Time Threshold
423
Failing to Drop Online Current Partition
423
Database Space very Low
424
Error Inserting Events
424
Error Moving Completed File
424
Error Processing Event Message
425
Error Saving Failed Events
425
Event Insertion Is Blocked
425
Event Insertion Is Resumed
426
Event Message Queue Overflow
426
Event Processing Failed
426
B.3.18 Partition Configuration
427
No Space in the Database
427
Opening Archive File Failed
427
Partition Configuration
427
Writing to Archive File Failed
428
Writing to the Overflow Partition (P_MAX)
428
Database Aggregation
428
B.4 Database Aggregation
428
B.4.1 Creating Summary
429
B.4.2 Deleting Summary
429
B.4.3 Disabling Summary
429
Creating Summary
429
Deleting Summary
429
Disabling Summary
429
Enabling Summary
430
Error Inserting Summary Data into the Database
430
Saving Summary
430
Mapping Service
430
B.4.4 Enabling Summary
430
B.4.5 Error Inserting Summary Data into the Database
430
B.4.6 Saving Summary
430
B.5 Mapping Service
430
B.5.2 Error Applying Incremental Update
431
Error
431
Error Applying Incremental Update
431
Error Initializing Map with ID
432
Error Refreshing Map
432
Error Saving Data File
433
Get File Size
433
Loaded Large Map
433
Long Time to Load Map
434
Out of Sync Detected
434
Refreshing Map from Cache
434
Refreshing Map from Server
435
Save Data File
435
Saved Data File
436
Timed out Waiting for Callback
436
Timeout Refreshing Map
436
Update
437
Event Router
437
B.5.16 Update
437
B.5.17 Update
437
B.6 Event Router
437
Event Router Is Initializing
438
Event Router Is Running
438
Event Router Is Stopping
438
Event Router Is Terminating
439
Correlation Engine
439
Correlation Action Definition
440
Correlation Engine Configuration
440
Correlation Engine Is Running
440
Correlation Engine Is Stopped
441
Correlation Rule
441
B.7.5 Correlation Rule
441
Correlation Rule Configuration
441
Deploy Rules with Actions to Engine
442
Disabling Rule
442
Enabling Rule
442
B.7.8 Disabling Rule
442
B.7.9 Enabling Rule
442
Rename Correlation Engine
443
Rule Deployment Is Modified
443
Rule Deployment Is Started
443
Rule Deployment Is Stopped
444
Starting Engine
444
Stopping Engine
444
B.7.14 Starting Engine
444
B.7.15 Stopping Engine
444
Undeploy All Rules from Engine
445
Undeploy Rule
445
B.7.17 Undeploy Rule
445
Update Correlation Rule Actions
445
Event Source Management: General
445
Collector Manager Initialized
446
Collector Manager Is down
447
Collector Manager Started
447
Collector Manager Stopped
447
Collector Service Callback
448
Cyclical Dependency
448
B.8.6 Cyclical Dependency
448
Event Source Manager Callback
448
Initializing Collector Manager
449
Lost Contact with Collector Manager
449
No Data Alert
449
B.8.10 no Data Alert
449
Persistent Process Died
449
Persistent Process Restarted
450
Port Start
450
Port Stop
450
B.8.13 Port Start
450
B.8.14 Port Stop
450
Reestablished Contact with Collector Manager
451
Restart Plugin Deployments
451
Restarting Collector Manager (Cold Restart)
452
Restarting Collector Manager (Warm Restart)
452
Start Event Source Group
452
Start Event Source Manager
453
Starting Collector Manager
453
Stop Event Source Group
453
Stop Event Source Manager
454
Stopping Collector Manager
454
Event Source Management-Event Sources
454
Start Event Source
454
Stop Event Source
455
B.10.1 Start Collector
455
Event Source Management-Collectors
455
Start Collector
455
B.10.2 Stop Collector
455
Stop Collector
455
Event Source Management-Event Source Servers
456
Start Event Source Server
456
Stop Event Source Server
456
B.12.1 Data Received after Timeout
457
Event Source Management-Connectors
457
Data Received after Timeout
457
B.12.2 Data Timeout
457
Data Timeout
457
File Rotation
458
B.12.3 File Rotation
458
Process Auto Restart Error
458
Process Start Error
458
Process Stop
459
WMI Connector Status Message
459
B.12.6 Process Stop
459
B.12.7 WMI Connector Status Message
459
Active Views
459
Active View Created
460
Active View Joined
460
Active View no Longer Permanent
460
Active View Now Permanent
461
Idle Active View Removed
461
Idle Permanent Active View Removed
461
B.14.1 Activity Definition
462
Data Objects
462
Activity Definition
462
B.14.2 Configuration
462
Configuration
462
Viewing Configuration Store
463
Write Data
463
B.14.4 Write Data
463
Activities
463
Creating an Activity
464
Deleting an Activity
464
Saving an Activity
464
B.15.1 Creating an Activity
464
B.15.2 Deleting an Activity
464
B.15.3 Saving an Activity
464
Incidents and Workflows
464
Add Events to Incident
465
Adding Process Definition
465
Create Incident
466
Creating Group
466
Creating User
466
B.16.3 Create Incident
466
B.16.4 Creating Group
466
B.16.5 Creating User
466
Delete Incident
467
Deleting Group
467
B.16.6 Delete Incident
467
B.16.7 Deleting Group
467
Deleting Process Definition
467
Deleting User
468
B.16.9 Deleting User
468
E-Mail Incident
468
Get Incident
468
Save Incident
469
Saving Group
469
Saving Process Definition
469
Send Incident to HP Service Desk
470
Send Incident to Hpovo
470
Viewing Process Definition
470
General
470
Configuration Service
471
Controlled Process Is Started
471
Controlled Process Is Stopped
472
Importing Auxiliary
472
Importing Plug-In
472
B.17.4 Importing Auxiliary
472
B.17.5 Importing Plug-In
472
Load Esec Taxonomy to XML
473
Process Auto Restart Error
473
Process Restarts
473
B.17.8 Process Restarts
473
Proxy Client Registration Service (Medium)
474
Restarting Process
474
Restarting Processes
474
Starting Process
475
Starting Processes
475
Stopping Process
475
Stopping Processes
476
Store Esec Taxonomy from XML
476
Watchdog Process Is Started
476
Watchdog Process Is Stopped
477
C Documentation Updates
479
September 2009
479
August 2009
479
C.1 September 2009
479
C.2 August 2009
479