Rules

NetIQ’s Sentinel product is a SIEM solution that provides the ability to capture events from any number of event sources, and of any type, into a system that normalizes the data, finds meaning in a barrage of nonsense (needle in a haystack), and includes incidents management based on custom workflows as defined by each customer….

+ read more

By: ab
Jan 21, 2015
11:50 am
Reads:
555
Score:
5

Purposes: POC (internal use only) Version: Sentinel 7 (it would work on Sentinel 6 as well) and Novell Identity Manager Type: Solution Pack Some notes: – This pack has some correlation rules that were grouped by InfoSec (security) and Operational issues. – A specific action (correlated event) was added but you can use whatever action….

+ read more

By: hhigashi
Aug 18, 2012
2:34 pm
Reads:
675
Score:
Unrated

Purposes: POC (internal use only) Version: Sentinel 7 (it would work on Sentinel 6 as well) Type: Solution Pack Some notes: – This solution pack was built based on some (not all) Change Guardian rules and there are around 47 correlation rules- It could be used when Change Guardian is missing and you need some…

+ read more

By: hhigashi
Aug 18, 2012
11:12 am
Reads:
965
Score:
Unrated

This AppNote by Justin Birt explains how to construct complex conditional statements within a single IDM rule.

By: 9556613
Sep 12, 2007
10:00 am
Reads:
1,385
Score:
Unrated

Geoffrey Carman handles an exception to the Veto rule in this tip.

geoffc
By: geoffc
Jun 13, 2007
4:39 am
Reads:
1,041
Score:
Unrated

Tired of adding proxies to block lists to keep up with crafty students? This tip from Rod Urquhart shows how to deny about 90% of proxy server sites at once.

By: urquharr
Jun 6, 2007
8:27 am
Reads:
985
Score:
Unrated

Daniel Griswold helps us stay one step ahead of those crafty students looking to bypass blocking filters …

By: coolguys
May 16, 2007
6:56 am
Reads:
1,323
Score:
Unrated

Here’s a tip from Geoff Carman that helps you apply scoping to your IDM driver without inadvertently vetoing the driver startup.

geoffc
By: geoffc
May 9, 2007
5:32 am
Reads:
923
Score:
Unrated

David Gersic shares an placement rule that uses the IDM mapping table to get eDirectory users into a target context.

By: dgersic
May 2, 2007
6:50 am
Reads:
964
Score:
Unrated

Here’s a tip from Aaron Burgemeister that helps you use Identity Manager to put a new GroupWise account into two different Post Office objects.

By: ab
Apr 3, 2007
2:15 am
Reads:
837
Score:
Unrated