11.0 Integrating Secure Configuration Manager with Sentinel

This chapter describes how you can integrate Secure Configuration Manager with NetIQ Sentinel.

This integration helps Sentinel administrators determine whether their environment complies with configuration policy. Knowing the state of policy compliance in relation to system activity allows Sentinel administrators to:

  • Verify that configuration compliance is in line with system activity

  • Verify configuration compliance in times of anomalous activity

  • Determine if system activity resulted in changes affecting policy compliance

Integrating Secure Configuration Manager with Sentinel enables Secure Configuration Manager to send compliance information to Sentinel. Secure Configuration Manager sends this information to Sentinel as events that indicate whether the system is in compliance, out of compliance, or of unknown compliance.

A Secure Configuration Manager administrator can configure Secure Configuration Manager to raise an event for Sentinel when a risk score threshold or compliance threshold is reached.

The event that Secure Configuration Manager sends to Sentinel contains the applicable endpoint attributes known to Secure Configuration Manager, such as asset name and IP address.

Assessment events generated in Secure Configuration Manager are forwarded to Sentinel in near real time, subject to latency factors such as network traffic and connectivity.

You can configure Secure Configuration Manager to attach a detailed report to each event it sends to Sentinel. NetIQ recommends that you use the estimate of 1.7 MB per event to calculate the additional storage you might need in Sentinel for storing assessment events sent by Secure Configuration Manager. For more information about Sentinel hardware requirements, see System Sizing Information in the NetIQ Sentinel Installation and Configuration Guide.