A.0 Pre-installation Questionnaire

Answering these questions can be helpful in planning your own installation or preparing for consultants to install your Sentinel system.

Pre-Install Questions

  1. What is your goal or purpose in using Novell Sentinel?

    1. Compliance

    2. Security Event Management

    3. Other_________________________________________

  2. What hardware has been allocated for the installation of Sentinel? Is it in accordance with hardware specifications provided in the Sentinel Installation Guide?

  3. Have you validated Sentinel hardware and operating system requirements described in the Sentinel Installation Guide against your configuration?

    • OS patch levels

    • Service Patches

    • Hot Fixes and so on.

  4. Does your DAS machine meet the necessary OS and hardware requirements?

  5. What is the network architecture for the source devices with respect to the security segment where the Sentinel and Collector hardware is to be located?

    NOTE: This is important for understanding the hierarchy of Collector data collection and for identifying any firewalls that traffic must pass through to enable Collector-to-Sentinel, Sentinel-to-database, or Crystal Server-to-database communication.

    Provide the information below (text and/or a drawing), or a link to it.

  6. What reports do you want out of the system? This is important to ensure that your Collectors collect the correct data to be passed to the Sentinel database.

    1. _______________________________________________________

    2. _______________________________________________________

    3. _______________________________________________________

    4. _______________________________________________________

    5. _______________________________________________________

    6. _______________________________________________________

  7. What source devices do you want to collect data from (IDS, HIDS, routers, firewalls, and so on), and what are their event rates (EPS, events per second), versions, connection methods, platforms, and patches?

    Device (mfr/model) | Event Rate (EPS) | Version | Connection Method | Platform | Patches
    -------------------|------------------|---------|-------------------|----------|--------
                       |                  |         |                   |          |
                       |                  |         |                   |          |
                       |                  |         |                   |          |
                       |                  |         |                   |          |

    Can you provide sample data of what you want the Sentinel Collectors to collect and parse? Sentinel can be configured to provide the desired output based on the information provided here.

  8. What security model/standards exist at your site?

    • What is your stance on local accounts versus domain authentication?

      • For Windows with domain authentication, the appropriate domain account and account settings must be created before Sentinel can be installed.

      • For a Solaris installation, this is not applicable; note, however, that Sentinel does not support NIS.

  9. What is the required data retention in terms of days?

  10. Based on the data retention information and EPS, what disk size will you be using? Use 500 to 800 bytes/event for sizing estimates.
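    The sizing estimate in questions 7, 9 and 10 can be carried through as a small calculator. This is an added example, not part of the Sentinel guide: it sums the per-device EPS from the question 7 table, multiplies by the retention period, and applies the guide's 500 to 800 bytes/event rule of thumb. The device inventory and the GiB unit (2^30 bytes) are assumptions chosen for the example.

```python
# Added example (not from the Sentinel guide): disk sizing estimate built from
# the questionnaire's inputs: per-device EPS (question 7), retention in days
# (question 9) and the 500-800 bytes/event rule of thumb (question 10).
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
BYTES_PER_EVENT_LOW = 500    # lower bound from the guide
BYTES_PER_EVENT_HIGH = 800   # upper bound from the guide
GIB = 2 ** 30                # assumption: report sizes in GiB


@dataclass
class SourceDevice:
    name: str    # constructed label, as it would be entered in the table
    eps: float   # sustained events per second from this device


def total_eps(devices):
    """Sum the event rate of every source device in the inventory."""
    return sum(d.eps for d in devices)


def events_retained(devices, retention_days):
    """Number of events the database must hold for the retention period."""
    return total_eps(devices) * SECONDS_PER_DAY * retention_days


def disk_estimate_gib(devices, retention_days):
    """Return (low, high) GiB using 500 and 800 bytes/event respectively."""
    n = events_retained(devices, retention_days)
    return (n * BYTES_PER_EVENT_LOW / GIB, n * BYTES_PER_EVENT_HIGH / GIB)


# Constructed sample inventory standing in for a filled-in question 7 table.
SAMPLE_DEVICES = [
    SourceDevice("perimeter firewall", 150),
    SourceDevice("IDS sensor", 40),
    SourceDevice("domain controllers", 60),
]

if __name__ == "__main__":
    low, high = disk_estimate_gib(SAMPLE_DEVICES, retention_days=90)
    print(f"total EPS: {total_eps(SAMPLE_DEVICES):.0f}")
    print(f"90-day event store: {low:.1f} - {high:.1f} GiB")
```

    Plan for the high end of the range; it reflects only event storage, not indexes, operating system, or Sentinel itself.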

  11. What event patterns do you want to identify in your data?

  12. Does the current data available from your event sources support the event patterns you want to detect, or will event enrichment using the mapping service be needed?

  13. If the mapping service is needed, what is the source of the enrichment data, and what key will be used to perform the mapping? How will the maps be kept up to date?

  14. When a security or compliance violation is detected, what processes will be used to remediate?