11.0 Integrating Secure Configuration Manager with Sentinel

This chapter describes how you can integrate Secure Configuration Manager with NetIQ Sentinel.

This integration helps Sentinel administrators determine whether their environment complies with configuration policy. Knowledge of policy compliance in relation to system activity allows Sentinel administrators to:

  • Verify that configuration compliance is in line with system activity

  • Verify compliance with configuration in times of anomalous activity

  • Determine if system activity resulted in changes affecting policy compliance

Integrating SCM with Sentinel enables SCM to send compliance information to Sentinel. SCM sends this information as events that indicate whether the system is in compliance, out of compliance, or of unknown compliance.

An SCM administrator can configure SCM to raise an event for Sentinel when a risk score threshold or compliance threshold is reached.

The event that SCM sends to Sentinel contains applicable attributes of the endpoint known to SCM, such as asset name and IP address.

Assessment events generated in SCM are forwarded to Sentinel in near real time, subject to latency factors such as network traffic and connectivity.

You can configure SCM to attach a detailed report to each event it sends to Sentinel. NetIQ recommends that you use the estimate of 1.7 MB per event to calculate the additional storage you might need in Sentinel for storing assessment events sent by SCM. For more information about Sentinel hardware requirements, see System Sizing Information in the NetIQ Sentinel Installation and Configuration Guide.