3.1 Installing and Configuring the Universal CEF Collector

The Universal CEF Collector parses non-event data and transforms the raw scan data into a format understood by Sentinel. Sentinel then stores the vulnerability data in the database and includes it in the Exploit Detection map. For more detailed information about Sentinel collectors, see the Sentinel Collector Script User’s Guide.

To install the Universal CEF Collector:

  1. Download the latest Universal CEF Collector (.zip file) from the Sentinel Plug-ins website.

  2. Log in to the Sentinel Control Center.

  3. Select Event Source Management > Live View, then select Tools > Import plugin.

  4. Browse to and select the .zip file you just downloaded, then click Next.

  5. Follow the remaining prompts, then click Finish.

The Universal CEF Collector must be configured before it can work. To configure the Universal CEF Collector:

  1. In the Event Source Management live view, right-click Sentinel Server, then click Add Collector.

  2. Select Universal in the Vendor column.

  3. Select Common Event Format in the Name column, then click Next.

  4. From the Installed Collectors column, select Universal_Common-Event-Format_Collector_Version, then click Next. For example, Universal Common Event Format 2011.1r4.

  5. Follow the prompts and click Finish.

The next step is to proceed to Section 4.0, Installing the Syslog Connector.