8.3 Introduction to the Advisor User Interface

Ensure that you have Advisor Configuration permission to access the Advisor window.

You can access the Advisor user interface through one of the following methods:

Table 8-2 Navigating to Advisor

  • The Admin menu in the menu bar

  • The Navigation tree in the Navigation pane

  • Admin Toolbar: The Advisor icon.

8.3.1 The Advisor Window

The Advisor window has two sections:

  • Download Method: Enables you to process the Advisor feed files manually and launch the Download Manager feature to configure the Sentinel 6.1 server for automated processing of the feed files. For more information on processing the Advisor feed, see Section 8.3.2, Processing the Advisor Feed.

  • Exploit Detection: Lists the vulnerable products that are included in the feed files, and enables you to configure the products for exploit detection. For more information, see Section 8.3.3, Configuring the Advisor Products for Exploit Detection.

    NOTE: The Exploit Detection section initially displays a blank list unless you process the initial Advisor feed that was loaded during Sentinel installation. For more information, see Section 8.3.2, Processing the Advisor Feed.

Figure 8-1 Advisor Window

8.3.2 Processing the Advisor Feed

You can process the Advisor feed files manually, or you can configure the Sentinel server to process the feed files automatically at scheduled time intervals.

Processing the Feed Files Manually

  1. In the Advisor window, select the directory where you downloaded the latest Advisor feed files.

    The initial Advisor feed is loaded at ESEC_HOME/data/updates/advisor.

  2. Click Process Now to process and load the feed files into the Sentinel database.

    After the feed files are processed, the products included in the feed files are displayed in the Exploit Detection section.

  3. (Optional) Click Save to save the location of the Advisor directory.

Processing the Feed Files Automatically

You can use the Download Manager to configure the Sentinel 6.1 server to automatically process the feed files after they are downloaded.

  1. In the Advisor window, click Launch Download Manager. For more information, see Section 9.0, Download Manager.

8.3.3 Configuring the Advisor Products for Exploit Detection

The Exploit Detection section of the Advisor window lists the names of the Advisor products and the device names that are included in the feed files.

  1. Select the products that need to be included for Exploit Detection by selecting the corresponding check box.

  2. (Conditional) To remove any product from the list, deselect the corresponding check box.

  3. Click Save to save the changes made to the Advisor products list.

    After the product list is saved, the exploitdetection.csv file is updated. For more information on exploit detection, see Generating the Exploit Detection File.

  4. (Optional) Click Reset to undo the changes made to the Exploit Detection products list.

For more information on exploit detection, see Section 8.2, Understanding Exploit Detection.

Viewing the Threat Map

The Preview Threat Map window lists the top 5000 entries of the exploitdetection.csv file. This list displays the attacks that attempt to exploit your machine.

To view the threat map, click Preview Threat Map.

NOTE: This list is blank unless the exploitdetection.csv file has been generated.

Figure 8-2 Preview Threat Map