11.1 Configuring the Integration

To configure Sentinel integration with Secure Configuration Manager:

  1. Go to Core Services Configuration Utility and click the Forward Assessment Report tab.

  2. Provide the following information:

    • Forward Events of Assessment Result: Select Enabled to enable sending assessment events to Sentinel.

    • Destination Server: Specify the Sentinel Server URL, which needs to be configured to receive assessment events.

    • Destination Server Credentials: Specify the user name and password for the Sentinel server.

    NOTE: You must restart the Core Service if you change the above settings.

  3. (Optional) Provide the following additional information. The default values are used for any field you leave empty.

    • Forward Assessment Events: Select the component(s) for which to send assessment events:

      • By Asset: A report for every asset (for example, an endpoint) is sent to Sentinel. If you run a policy against 100 assets, 100 reports are sent.

      • By Policy: A report is sent for each policy template. If you run two policy templates against 100 assets in your system, two reports are sent, each report containing information about relevant assets.

      • By Asset and Policy: Reports are sent for both assets and policies. If you run two policy templates against 100 assets in your system, 102 reports are sent: two reports that contain information about all the assets (generated for the two policy templates), and 100 reports that contain information about each asset.

      The default value is By Asset.

    • Assessment Conditions to Forward: Select the assessment conditions for which events are forwarded to the destination server:

      • Enable Events for Compliant Results: Select True to receive in-compliance assessment events.

      • Enable Events for Out Of Compliance Results With: Select an option in this drop-down list to specify when you want to receive out-of-compliance assessment events. This list has the following options:

        • False: Select this option if you do not want to receive out-of-compliance assessment events.

        • Low Risk and Above: Select this option if you want to receive assessment events for any kind of risk.

        • Medium Risk and Above: Select this option if you want to receive assessment events only for medium risk and above.

        • High Risk: Select this option if you want to receive assessment events only for high risk. This is the default option.

        See Section 4.1, Understanding Security Checks, to understand how risk scoring is done in security checks.

      • Enable Events where Results are Incomplete: Select True if you want to receive assessment events for unknown compliance.

    • Tenant Name: If the Sentinel server is in a multi-tenant environment, specify the department or the tenant name for which you want to send events.

  4. Click Apply to apply the settings. You must restart Core Services so that the updated settings are saved and sending assessment events to Sentinel is enabled.

  5. In the Secure Configuration Manager console, click Go > Assessment Configuration. In the Assessment Configuration Settings window, you can select the policy templates or the security checks for which assessment events must be sent to the Sentinel server.

Additionally, when you run a policy template or a security check in the Secure Configuration Manager console, you can select the Forward Assessment Report to Destination Server option in the Run Policy Template Wizard to enable sending assessment events to the Sentinel server.