Rules

NetIQ’s Sentinel product is a SIEM solution that provides the ability to capture events from any number of event sources, and of any type, into a system that normalizes the data, finds meaning in a barrage of nonsense (needle in a haystack), and includes incidents management based on custom workflows as defined by each customer….

+ read more

By: ab
Jan 21, 2015
11:50 am
Reads:
1,267
Score:
5

Purposes: POC (internal use only) Version: Sentinel 7 (it would work on Sentinel 6 as well) and Novell Identity Manager Type: Solution Pack Some notes: – This pack has some correlation rules that were grouped by InfoSec (security) and Operational issues. – A specific action (correlated event) was added but you can use whatever action….

+ read more

By: hhigashi
Aug 18, 2012
2:34 pm
Reads:
1,098
Score:
Unrated

Purposes: POC (internal use only) Version: Sentinel 7 (it would work on Sentinel 6 as well) Type: Solution Pack Some notes: – This solution pack was built based on some (not all) Change Guardian rules and there are around 47 correlation rules– It could be used when Change Guardian is missing and you need some…

+ read more

By: hhigashi
Aug 18, 2012
11:12 am
Reads:
1,469
Score:
Unrated

This AppNote by Justin Birt explains how to construct complex conditional statements within a single IDM rule.

By: 9556613
Sep 12, 2007
10:00 am
Reads:
1,893
Score:
Unrated

Geoffrey Carman handles an exception to the Veto rule in this tip.

geoffc
By: geoffc
Jun 13, 2007
4:39 am
Reads:
1,596
Score:
Unrated

Tired of adding proxies to block lists to keep up with crafty students? This tip from Rod Urquhart shows how to deny about 90% of proxy server sites at once.

By: urquharr
Jun 6, 2007
8:27 am
Reads:
1,431
Score:
Unrated

Daniel Griswold helps us stay one step ahead of those crafty students looking to bypass blocking filters …

By: coolguys
May 16, 2007
6:56 am
Reads:
1,766
Score:
Unrated

Here’s a tip from Geoff Carman that helps you apply scoping to your IDM driver without inadvertently vetoing the driver startup.

geoffc
By: geoffc
May 9, 2007
5:32 am
Reads:
1,385
Score:
Unrated

David Gersic shares an placement rule that uses the IDM mapping table to get eDirectory users into a target context.

By: dgersic
May 2, 2007
6:50 am
Reads:
1,522
Score:
Unrated

Here’s a tip from Aaron Burgemeister that helps you use Identity Manager to put a new GroupWise account into two different Post Office objects.

By: ab
Apr 3, 2007
2:15 am
Reads:
1,273
Score:
Unrated