8.1 Overview

You can create and delete tags and associate them with objects in the system. Each tag can be associated with one or more data collection objects. The tag is added as a field to all incoming data from the tagged objects, and that field can then be used to filter the data.

A tag can be associated with more than one object, and an object can carry more than one tag. You can, for example, create tags for regulations (such as PCI), for compromised systems, or for network infrastructure such as routers, switches, and firewalls. Some organizations must define data retention or data viewing policies based on geographic location; tagging event sources by location lets you apply such policies to the events they produce.

The Tags UI lets you add and remove tags, maintain a list of favorites, and search tagged events. You can perform text-refined searches to find the tags you are looking for. Sentinel Log Manager also lets you search for events, report definitions, and report templates that carry a particular tag.

When ESM objects such as event sources, event servers, Collector Managers, or Collector plug-ins are tagged, every event received from those objects from that point on is tagged with the tag value. The tag value is stored in the reserved variable rv145. Events generated before the ESM object was tagged are not tagged. Sentinel Log Manager does not retroactively tag data that is already stored, because modifying events after they have been stored is not an accepted practice (it would compromise the integrity of the stored record). In practice this means you should tag an event source before, or as soon as, you start collecting from it, and that a tag-based search or report only covers events that carried the tag at ingest time.
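The tagging model described above, as a small runnable example added here (illustrative code, not Sentinel's own implementation): tags and ESM objects are related many-to-many, each event is stamped with the tags its source carries at ingest time, and stored events are never rewritten when tags are added, removed, or deleted later. The object names, the EU location tag, the sample events, and the assumption that rv145 holds a list of tag names are all constructed for the example; the page does not describe the real storage format of rv145.

```python
"""Model of how tags propagate to events: many-to-many tag/object links,
events stamped at ingest time (Sentinel Log Manager stores the value in
rv145), and no retroactive tagging of stored events.

Illustrative model only, not Sentinel's implementation. rv145 is assumed
here to hold a list of tag names; the real format is not documented above.
"""

from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Event:
    source: str                 # ESM object the event came from
    message: str
    rv145: List[str] = field(default_factory=list)  # tags at ingest time


class TagStore:
    """Tag registry plus the append-only event store that it stamps."""

    def __init__(self) -> None:
        self._tags_by_object: Dict[str, Set[str]] = {}
        self._objects_by_tag: Dict[str, Set[str]] = {}
        self.events: List[Event] = []

    def create_tag(self, name: str) -> None:
        self._objects_by_tag.setdefault(name, set())

    def delete_tag(self, name: str) -> None:
        # Deleting a tag only affects future events; events already stored
        # keep the value they were stamped with (no retroactive change).
        for obj in self._objects_by_tag.pop(name, set()):
            self._tags_by_object[obj].discard(name)

    def associate(self, tag: str, obj: str) -> None:
        if tag not in self._objects_by_tag:
            raise KeyError(f"unknown tag {tag!r}")
        self._objects_by_tag[tag].add(obj)
        self._tags_by_object.setdefault(obj, set()).add(tag)

    def dissociate(self, tag: str, obj: str) -> None:
        self._objects_by_tag.get(tag, set()).discard(obj)
        self._tags_by_object.get(obj, set()).discard(tag)

    def ingest(self, source: str, message: str) -> Event:
        # Tags are resolved exactly once, here. Later association changes
        # do not reach this event.
        tags = sorted(self._tags_by_object.get(source, set()))
        event = Event(source, message, tags)
        self.events.append(event)
        return event

    def search(self, tag: str) -> List[Event]:
        """Tag-based search: only events stamped with the tag at ingest."""
        return [e for e in self.events if tag in e.rv145]

    def objects_for(self, tag: str) -> Set[str]:
        return set(self._objects_by_tag.get(tag, set()))

    def tags_for(self, obj: str) -> Set[str]:
        return set(self._tags_by_object.get(obj, set()))


def demo() -> TagStore:
    """Constructed scenario: PCI scope is defined after some events exist."""
    store = TagStore()
    for name in ("PCI", "FW", "EU"):   # EU is a hypothetical location tag
        store.create_tag(name)
    store.associate("FW", "fw-edge-01")
    # Constructed sample events, not real log data.
    store.ingest("fw-edge-01", "deny tcp 10.0.0.5:51234 -> 203.0.113.7:445")
    store.ingest("db-cardholder-01", "login ok user=app")
    # The edge firewall and the cardholder database are brought into PCI
    # scope only now; the two events above stay untagged for PCI.
    store.associate("PCI", "fw-edge-01")
    store.associate("PCI", "db-cardholder-01")
    store.associate("EU", "db-cardholder-01")
    store.ingest("fw-edge-01", "deny tcp 10.0.0.9:44321 -> 203.0.113.7:3389")
    store.ingest("db-cardholder-01", "select on table cards by user=app")
    return store


if __name__ == "__main__":
    s = demo()
    for e in s.search("PCI"):
        print(e.source, e.rv145, e.message)
```

Running the block prints only the two events ingested after the PCI association was made; the earlier firewall and database events are absent from the PCI search even though their sources are now in scope, which is exactly the gap a compliance report would show if tagging is set up after collection begins.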

Sentinel Log Manager ships with a set of default tags, listed in Table 8-1. You can use the default tags or create new tags to suit your requirements. For more information on creating new tags, see Section 8.2, Creating a Tag.

Table 8-1 Default Tags

Tag Name             Description
APP                  Tag for general applications or services not in any other category.
AV                   Tag for antivirus-related data.
CM                   Tag for configuration management related data.
DB                   Tag for database-related data.
FISMA                Tag for data related to the Federal Information Security Management Act (FISMA).
FW                   Tag for network firewall related data.
GLBA                 Tag for data related to the Gramm-Leach-Bliley Act (GLBA).
HIPAA                Tag for data related to the Health Insurance Portability and Accountability Act (HIPAA).
IDM                  Tag for identity management related data.
IDS                  Tag for intrusion detection/prevention system (IDS/IPS) data.
ISO/IEC_27002:2005   Tag for data related to the ISO/IEC 27002:2005 standard.
JSOX                 Tag for data related to J-SOX (Japan's Financial Instruments and Exchange Law, which applies to companies publicly listed on Japanese stock exchanges).
NERC                 Tag for data related to North American Electric Reliability Corporation (NERC) regulations.
NETD                 Tag for network router/switch related data.
Network              Tag for network infrastructure data, such as that obtained from routers, switches, and virtual private networks (VPNs).
Network Security     Tag for network security infrastructure data, such as that obtained from firewalls, IDSs, and Web proxies.
NISPOM               Tag for data related to the National Industrial Security Program Operating Manual (NISPOM).
O                    Tag for event sources not in any other category.
OS                   Tag for operating system related data.
PCI                  Tag for data related to the Payment Card Industry Data Security Standard (PCI DSS).
SentinelLogManager   Tag for Sentinel Log Manager system related data.
SOX                  Tag for data related to the Sarbanes-Oxley Act (SOX).
VPN                  Tag for virtual private network (VPN) related data.
Windows              Tag for Windows related data.