15.1 Solution Packs

Solution Packs allow Novell, partners, and customers to create and easily manage solutions to specific business problems. They provide a framework within which sets of content can be packaged into controls, each of which is designed to enforce a specific business or technical policy. The control can use any of the detection, filtering, alerting, and response features of Sentinel, as well as provide documentation on control status and enforcement. By managing the set of content as a unit within the control, the Solution Pack solves dependency problems and simplifies implementation.

Controls within a Solution Pack can include the following types of content:

Correlation Rule Deployments, including deployment status and associated Correlation Rules, Correlation Actions, including JavaScript plugins and Integrators, and Dynamic Lists
Reports
iTRAC Workflows, including associated Roles
Event enrichment, including map definitions and event metatag configuration
Other associated files added when the Solution Pack is created, such as documentation, example report PDFs, or sample map files.

Although Solution Packs have many uses, one is to package content related to governance and regulatory compliance into a comprehensible and easily enforceable framework that is easy to deploy. Novell and its partners will offer and extend Solution Packs around such regulations or other customer needs.

Solution Packs are created with Solution Designer application. Using this tool, a user creates the Solution Pack, associated controls and documentation (including implementation and testing steps), and then associates Sentinel content with each control. The entire package is then exported as a ZIP file.

The ZIP file containing the Solution Pack is imported and deployed into an existing Sentinel system using the Solution Manager in the Sentinel Control Center. The Solution Manager displays implementation and testing steps in the Solution Pack and tracks the status of each control. At any time, users can generate a detailed document with implementation status for each control.

15.1.1 Components of a Solution Pack

Solution Packs consist of Categories, Controls, Content and Content Groups. These components are represented in a hierarchy. The following image depicts the hierarchy in a Solution Pack:

Figure 15-1 Solution Pack hierarchy

The table below describes each level in a Solution Pack hierarchy.

Table 15-1 Solution Pack hierarchy levels

	Solution Pack	Solution Pack is the root node in the content hierarchy. Each Solution Pack can contain one or multiple Category node(s).
	Category	Category is a conceptual classification. Each Category can contain one or multiple Control(s).
	Control	Control is another level of classification, which often corresponds to a particular control defined by a set of regulations. Each Control can contain one or multiple Content Group.
N/A	Content Group	Content Group is a set of related content. There are several types of Content Groups, such as Reports, Correlation Rules, and Event Configurations, each with its own icon.

The table below describes the types of Content Groups and the content that they contain.

Table 15-2 Table 14‑2: Types of Content Group

	Event Configuration	Event Configuration is a Content Group that contains a Map Definition and the configuration of one or more related Sentinel metatags. This icon is also used for the metatag configuration definition.
	Map	Indicates the Map Definition Instance.
	Workflow	Workflow is a Content Group that contains an iTRAC Workflow template and any associated Roles. This icon is also used for the iTRAC workflow template itself.
	Role	Indicates a Role used in a Workflow.
	Correlation Rule	Correlation Rule is a Content Group that contains a correlation rule, the namespace in which it is stored, and any associated correlation actions or dynamic lists. This icon is also used for the correlation rule definition.
	Namespace	Indicates Namespace Instance in which the correlation rule is stored
	JavaScript Action Plugin	Indicates a JavaScript Action plugin
	JavaScript Action	Indicates a configured JavaScript Action instance
	Integrator Plugin	Indicates an Integrator plugin
	Integrator	Indicates a configured Integrator instance
	Action	Indicates Action Configuration for a correlation action.
	Correlation Rule Deployment	Indicates the Correlation Rule deployment.
	Report	Report is a Content Group that contains a Crystal report. This icon is also used for the .rpt report file.
	Dynamic List	Indicates Dynamic List.

15.1.2 Permissions for Using Solution Packs

To use the Solution Manager or Solution Designer, a user must be assigned the necessary permissions in the User Manager.

To grant permissions for the Solution Pack:

Log into the Sentinel Control Center as a user with permissions to use the User Manager.
Go to the Admin tab.
Open the User Configuration folder.
Open the User Manager window.
Click the Permissions tab.
Select Solution Designer, Solution Manager, or Solution Pack (which will automatically select both child permissions). The new permissions will be applied the next time the user logs in.