1.4 Sentinel Plugins

Sentinel supports a variety of plugins to expand and enhance system functionality. Some of these plugins are installed automatically. Additional plugins (and updates) are available for download at the Sentinel Content Web site.

Some plugins, such as the Remedy Integrator and the IBM Mainframe Connector, require an additional license for download.

1.4.1 Collectors

Sentinel collects data from source devices and delivers a richer event stream by injecting taxonomy, exploit detection, and business relevance into the data stream before events are correlated, analyzed, and sent to the database. A richer event stream means that data is correlated with the required business context to identify and remediate internal or external threats and policy violations.

Sentinel Collectors can parse data from the types of devices listed below:

  • Intrusion Detection Systems (host)

  • Intrusion Detection Systems (network)

  • Firewalls

  • Operating Systems

  • Policy Monitoring

  • Authentication

  • Routers and Switches

  • VPNs

  • Anti-Virus Detection Systems

  • Web Servers

  • Databases

  • Mainframe

  • Vulnerability Assessment Systems

  • Directory Services

  • Network Management Systems

  • Proprietary Systems

JavaScript Collectors can be written and run on Sentinel 6.0 SP1 and above using standard JavaScript development tools and the Collector SDK. Proprietary Collectors can be built or modified using the Sentinel Collector Builder (see Section 1.2.4), a standalone application included with the Sentinel system.
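The following is an added illustration of what a Collector does to the raw data stream described above: it parses a syslog line, assigns a normalized taxonomy class, and attaches business relevance from an asset table. It is not Sentinel or Collector SDK code; the log format, the regular expressions, the taxonomy names, the asset table, and the sample lines are all constructed for this example.

```javascript
// Added illustration (not Sentinel Collector SDK code): a minimal
// collector-style parser that turns a raw syslog line into a normalized
// event, tags it with a taxonomy class, and adds asset criticality.
// Field names, taxonomy classes, the asset table and the sample input
// are constructed for this example.

// PRI, timestamp, host, program[pid]: message
const SYSLOG_RE = /^<(\d+)>(\w{3}\s+\d+\s+\d+:\d+:\d+)\s+(\S+)\s+(\w+)(?:\[(\d+)\])?:\s+(.*)$/;

// Assumed taxonomy: first matching pattern wins and extracts named fields.
const TAXONOMY = [
  { re: /Failed password for (?:invalid user )?(\S+) from (\S+)/,
    cls: "Authentication/Failure",
    fields: (m) => ({ targetUser: m[1], sourceIp: m[2] }) },
  { re: /Accepted password for (\S+) from (\S+)/,
    cls: "Authentication/Success",
    fields: (m) => ({ targetUser: m[1], sourceIp: m[2] }) },
  { re: /DENY (\w+) (\S+):(\d+)->(\S+):(\d+)/,
    cls: "Firewall/Deny",
    fields: (m) => ({ protocol: m[1], sourceIp: m[2], sourcePort: +m[3],
                      destIp: m[4], destPort: +m[5] }) },
];

// Assumed asset table: the "business relevance" injected during parsing.
const ASSETS = {
  db01: { criticality: "high", owner: "payments" },
  web03: { criticality: "medium", owner: "marketing" },
};

// Split a syslog line into its header fields; null if it does not parse.
function parseSyslog(line) {
  const m = SYSLOG_RE.exec(line);
  if (!m) return null; // unparseable input is reported, never guessed at
  const pri = parseInt(m[1], 10);
  return {
    facility: pri >> 3,   // syslog PRI = facility * 8 + severity
    severity: pri & 7,
    timestamp: m[2],
    host: m[3],
    program: m[4],
    pid: m[5] ? parseInt(m[5], 10) : null,
    message: m[6],
  };
}

// Attach taxonomy and asset context to a parsed event.
function normalize(raw) {
  const event = { ...raw, taxonomy: "Unclassified" };
  for (const entry of TAXONOMY) {
    const m = entry.re.exec(raw.message);
    if (m) {
      event.taxonomy = entry.cls;
      Object.assign(event, entry.fields(m));
      break;
    }
  }
  const asset = ASSETS[raw.host];
  event.assetCriticality = asset ? asset.criticality : "unknown";
  event.assetOwner = asset ? asset.owner : null;
  return event;
}

// Run a batch of lines through the parser; keep rejects for inspection.
function collect(lines) {
  const events = [];
  const rejected = [];
  for (const line of lines) {
    const raw = parseSyslog(line);
    if (raw) events.push(normalize(raw));
    else rejected.push(line);
  }
  return { events, rejected };
}

// Constructed sample input (documentation IP ranges, invented hosts).
const SAMPLE_LINES = [
  "<38>Mar  4 10:15:01 db01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
  "<38>Mar  4 10:15:09 web03 sshd[1045]: Accepted password for deploy from 198.51.100.20 port 40001 ssh2",
  "<134>Mar  4 10:16:00 fw01 kernel: DENY TCP 203.0.113.7:51300->10.0.0.5:3306",
  "this line is not syslog",
];

const demo = collect(SAMPLE_LINES);
console.log(JSON.stringify(demo.events, null, 2));
console.log("rejected lines:", demo.rejected.length);
```

The rejected list matters in practice: a Collector that silently drops lines it cannot parse hides coverage gaps, so unparsed input should be counted and surfaced rather than discarded.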

1.4.2 Connectors and Integrators

Connectors provide connectivity from the Collector Manager to event sources using standard protocols such as JDBC and syslog. Events are passed from the Connector to the Collector for parsing.

Integrators enable remediation actions on systems outside of Sentinel. For example, a correlation action can use the SOAP Integrator to initiate a Novell Identity Manager workflow.

The optional Remedy AR Integrator provides the ability to create a Remedy ticket from Sentinel events or incidents.

1.4.3 Correlation Rules and Actions

Correlation rules identify important patterns in the event stream. When a correlation rule triggers, it initiates correlation actions, such as sending email notifications, initiating an iTRAC workflow, or executing an action using an Integrator.
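As an added illustration of the pattern-then-action model described above, the following is a sliding-window threshold rule over a normalized event stream. It is not Sentinel's correlation engine; the event shape, the rule parameters, the in-memory notification that stands in for an email, iTRAC or Integrator action, and the sample events are constructed for this example. It also shows one detail a practitioner wants from such a rule: once it fires for a source, it stays quiet for the rest of the window instead of firing again on every further event.

```javascript
// Added illustration (not Sentinel's correlation engine): a threshold
// rule that fires when `threshold` events of one taxonomy class share a
// group key (here a source IP) within `windowSec` seconds, then suppresses
// re-firing for that key until the window has elapsed. Event shape, rule
// parameters, the notification action and the sample data are constructed.

class ThresholdRule {
  constructor({ name, taxonomy, groupBy, threshold, windowSec, action }) {
    Object.assign(this, { name, taxonomy, groupBy, threshold, windowSec, action });
    this.buckets = new Map();         // key -> timestamps seen inside the window
    this.suppressedUntil = new Map(); // key -> time until which the rule stays quiet
  }

  // Feed one event; returns the correlated event if the rule fired, else null.
  process(event) {
    if (event.taxonomy !== this.taxonomy) return null;
    const key = event[this.groupBy];
    if (key === undefined) return null;
    const now = event.time;
    // Drop timestamps that have aged out of the window, then add this one.
    const times = (this.buckets.get(key) || []).filter((t) => now - t < this.windowSec);
    times.push(now);
    this.buckets.set(key, times);
    if (times.length < this.threshold) return null;
    if ((this.suppressedUntil.get(key) || 0) > now) return null; // already fired
    this.suppressedUntil.set(key, now + this.windowSec);
    const correlated = {
      rule: this.name, key, count: times.length,
      firstSeen: times[0], lastSeen: now,
    };
    this.action(correlated);
    return correlated;
  }
}

// Process events in time order and collect every firing.
function runRule(rule, events) {
  const fired = [];
  for (const e of [...events].sort((a, b) => a.time - b.time)) {
    const result = rule.process(e);
    if (result) fired.push(result);
  }
  return fired;
}

// Constructed sample stream: times are seconds relative to the first event.
const FAIL = "Authentication/Failure";
const SAMPLE_EVENTS = [
  ...[0, 10, 20, 30, 40].map((t) => ({ time: t, taxonomy: FAIL, sourceIp: "203.0.113.7" })),
  { time: 15, taxonomy: FAIL, sourceIp: "198.51.100.20" },              // different source
  { time: 45, taxonomy: "Authentication/Success", sourceIp: "203.0.113.7" }, // wrong class
  { time: 50, taxonomy: FAIL, sourceIp: "203.0.113.7" },                // inside suppression
  { time: 55, taxonomy: FAIL, sourceIp: "203.0.113.7" },                // inside suppression
  { time: 130, taxonomy: FAIL, sourceIp: "203.0.113.7" },               // window has reset
];

// Build the rule with a stand-in action and run it over the sample stream.
function demo() {
  const notifications = [];
  const rule = new ThresholdRule({
    name: "Repeated authentication failures",
    taxonomy: FAIL,
    groupBy: "sourceIp",
    threshold: 5,
    windowSec: 60,
    action: (c) => notifications.push(`notify: ${c.count} failures from ${c.key}`),
  });
  const fired = runRule(rule, SAMPLE_EVENTS);
  return { fired, notifications };
}

const result = demo();
console.log(result.notifications);
```

With these inputs the rule fires exactly once, at the fifth failure from 203.0.113.7; the two failures that follow within the window are absorbed by the suppression, and the isolated failure at 130 seconds starts a fresh count.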

1.4.4 Reports

Users can run a wide variety of dashboard and operational reports from the Sentinel Control Center using Crystal Reports Server. In Sentinel 6.1 and later versions, reports are typically distributed via Solution Packs.

1.4.5 iTRAC Workflows

iTRAC workflows provide consistent, repeatable processes for managing incidents. In Sentinel 6.1 and later versions, workflow templates are typically distributed via Solution Packs.

1.4.6 Solution Packs

Solution Packs are packaged sets of related Sentinel content, such as correlation rules, actions, iTRAC workflows, and reports. Novell provides Solution Packs that focus on specific business needs, such as the PCI-DSS Solution Pack, which addresses compliance with the Payment Card Industry Data Security Standard. Novell also creates “collector packs,” which include content focused on a specific event source, such as Windows Active Directory.