Sentinel 6.1 Rapid Deployment is a new packaging option for the Novell market-leading Sentinel Security Information and Event Management solution. Sentinel 6.1 Rapid Deployment includes full Sentinel functionality that can be installed on a single machine and is ideal for smaller organizations or regional installations. It is a SUSE Linux package and easily installs all components of the Sentinel system, including the database and reporting server.
Novell Sentinel 6.1 Rapid Deployment Service Pack 1 applies the latest defect fixes and enhancements to an existing installation of Sentinel 6.1 Rapid Deployment, Sentinel 6.1 Rapid Deployment Hotfix 1, or Sentinel 6.1 Rapid Deployment Hotfix 2. The new features and fixed defects depend on the version from which you upgrade.
Sentinel 6.1 Rapid Deployment is now supported on the SUSE Linux Enterprise Server (SLES) 11 64-bit platform in addition to the SLES 10 SP2 64-bit platform.
The Download Manager enables you to configure the Sentinel 6.1 Rapid Deployment server for automated downloading and processing of the feed files, such as the Advisor data feed, at fixed intervals. The Download Manager notifies the Sentinel processes to process the downloaded feed whenever a feed is downloaded.
For more information on the Download Manager feature, see Download Manager in the Sentinel 6.1 Rapid Deployment User Guide.
The Backup and Restore utility performs a backup of the data on the Sentinel 6.1 Rapid Deployment server and also restores the data at any given point in time with minimal effort.
For more information on the Backup and Restore utility, see Backup and Restore Utility in the Utilities chapter of the Sentinel 6.1 Rapid Deployment User Guide.
A new user interface is added to the Sentinel Control Center that enables you to perform several actions in Advisor:
Download the Advisor data feed.
Process the downloaded data feed either automatically or manually.
Configure the Advisor products that need to be included for exploit detection.
View the status of the processed feed.
For more information on Advisor, see Advisor Usage and Maintenance in the Sentinel 6.1 Rapid Deployment User Guide.
A new option named
is added in the > > window of the Sentinel Control Center. The new option enables you to create user accounts that use LDAP authentication. LDAP authentication can be performed with or without anonymous searches on the LDAP directory.
For more information on configuring a Sentinel 6.1 Rapid Deployment server for LDAP authentication, see LDAP Authentication in the Sentinel 6.1 Rapid Deployment Installation Guide.
The Database Cleanup utility now enables you to clean the Advisor, Asset, and Vulnerability data from the Sentinel database, in addition to cleaning the Incidents and Identities data.
For more information on the Database Cleanup utility, see Database Cleanup in the Sentinel 6.1 Rapid Deployment User Guide.
For detailed information on hardware requirements and supported operating systems, browsers, and event sources, see System Requirements in the Sentinel 6.1 Rapid Deployment Installation Guide.
For information on installing Novell Sentinel 6.1 Rapid Deployment, see the Sentinel 6.1 Rapid Deployment Installation Guide.
Before proceeding with the upgrade, ensure that you have installed one of the following on the system where you want to install this service pack:
Sentinel 6.1 Rapid Deployment
Sentinel 6.1 Rapid Deployment Hotfix 1
Sentinel 6.1 Rapid Deployment Hotfix 2
For information on installing Novell Sentinel 6.1 Rapid Deployment SP1, see Upgrading Sentinel 6.1 Rapid Deployment in the Sentinel 6.1 Rapid Deployment Installation Guide.
Table 1 Defects Fixed in Sentinel 6.1 Rapid Deployment SP1
Table 2 Defects Fixed in Sentinel 6.1 Rapid Deployment Hotfix 2
Table 3 Defects Fixed in Sentinel 6.1 Rapid Deployment Hotfix 1
To enhance the stability of Sentinel 6.1 Rapid Deployment, the ability to search events from the Web user interface has been disabled. The preferred methods for searching are in the Sentinel Control Center by using the following options:
You can use the following procedure to enable the option in the Web user interface. However, under load, enabling this option might lead to das_binary crashes and even event loss:
Stop the Sentinel services:
$APP_HOME/bin/sentinel.sh stop
Open the das_binary.xml file for editing.
$APP_HOME/config/das_binary.xml
Uncomment the EventSearchComponent section:
<!--
<obj-component id="EventSearchComponent">
  <class>esecurity.ccs.comp.textsearch.EventSearchComponent</class>
  <property name="eventsearcher.sortableBatchSize">100000</property>
  <obj-component-ref>
    <name>EventProducer</name>
    <ref-id>EventStoreService</ref-id>
  </obj-component-ref>
</obj-component>
-->
Restart the Sentinel services:
$APP_HOME/bin/sentinel.sh restart
The Search option is now enabled and you can search for events from the Web user interface.
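An added example (not Novell's code and not part of the release notes) of doing the uncomment step repeatably: it removes the comment around EventSearchComponent only when exactly one such block exists, re-parses the result before writing, and keeps a .bak copy so the change can be rolled back if das_binary becomes unstable under load. The `container` root element, the sample file contents and all function names are assumptions; run it only while the Sentinel services are stopped.

```python
import re
import shutil
import xml.etree.ElementTree as ET

# Constructed stand-in for $APP_HOME/config/das_binary.xml: only the commented
# EventSearchComponent block is from the release notes; the rest is assumed.
SAMPLE = """<?xml version="1.0"?>
<container>
  <obj-component id="EventStoreService"><class>example.Store</class></obj-component>
  <!-- <obj-component id="EventSearchComponent">
    <class>esecurity.ccs.comp.textsearch.EventSearchComponent</class>
    <property name="eventsearcher.sortableBatchSize">100000</property>
    <obj-component-ref>
      <name>EventProducer</name>
      <ref-id>EventStoreService</ref-id>
    </obj-component-ref>
  </obj-component> -->
</container>
"""

COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)

def active_components(xml_text):
    """Ids of uncommented obj-component elements; raises ParseError if malformed."""
    return [e.get("id") for e in ET.fromstring(xml_text).iter("obj-component")]

def uncomment_component(xml_text, component_id):
    """Return xml_text with the comment wrapping the named component removed."""
    if component_id in active_components(xml_text):
        return xml_text  # already enabled: leave the file untouched
    marker = re.compile(r'<obj-component\s+id="%s"' % re.escape(component_id))
    hits = [m for m in COMMENT.finditer(xml_text) if marker.search(m.group(1))]
    if len(hits) != 1:
        raise ValueError("expected one commented %s block, found %d" % (component_id, len(hits)))
    m = hits[0]
    result = xml_text[:m.start()] + m.group(1).strip() + xml_text[m.end():]
    active_components(result)  # re-parse so a broken edit never reaches disk
    return result

def enable_in_file(path, component_id="EventSearchComponent"):
    """Edit path in place, keeping path + '.bak' for rollback; True if changed."""
    with open(path, encoding="utf-8") as f:
        original = f.read()
    updated = uncomment_component(original, component_id)
    if updated != original:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="utf-8") as f:
            f.write(updated)
    return updated != original
```

Restoring the .bak file and restarting the services returns the server to the default configuration with Web search disabled.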
Table 4 Known Issues in Sentinel 6.1 Rapid Deployment SP1
Defect Number | Description |
---|---|
621141 | Issue: In Active Views, if you right-click an event, then click > or , the Asset data or the Advisor data is not displayed. This issue is observed only when the Sentinel Control Center is launched through the Web start. Workaround: You can view the Asset data and the Advisor data on machines where the Sentinel Control Center is installed as a client application. |
517568 | Issue: The Sentinel Solution Designer is not installed when you select it as the only client application. However, the installation does not display any errors. Workaround: To install the Sentinel Solution Designer, you must select either the Sentinel Control Center or the Sentinel Data Manager along with the Sentinel Solution Designer during the installation. |
621558 | Issue: In the Sentinel Control Center > > > window, when you try to import an action plug-in from the directory that only contains a .js file, an error is displayed indicating that an invalid file is selected. This error occurs only when you attempt this action for the first time. Workaround: |
568310 | Issue: After installing the Sentinel Solution Designer, if you run the Client Installer again to install other client applications, the list that shows the installed components indicates that the Sentinel Solution Designer is not installed. This is because the Sentinel Solution Designer is not installed when it is selected as the only application. Workaround: Install the Sentinel Solution Designer again, along with the Sentinel Control Center or the Sentinel Data Manager. |
583248 | Issue: In Sentinel Control Center > > > , when you double-click any attack information in the row, the Advisor Attack Details window is blank and does not show any attack information. Workaround: You can view the Advisor attack details in Active Views. Right-click an event that has Vulnerability = 1, then click > . Currently, the Advisor data is available on machines where the Sentinel Control Center is installed as a client application. |
514199 | Issue: You cannot set the memory configuration for the Collector Manager by using the option during Collector Manager installation. The memory setting defaults to 1200 MB regardless of the value selected in the drop-down list. Workaround: You can manually change the memory allocation after the installation. Modify the -Xmx value in the <Install_Directory>/config/configuration.xml file to change the memory allocated to the Collector Manager process. |
475150 | Issue: On a Windows machine, while configuring the File Connector, if you click to add an event source, the file browser does not appear and exceptions are logged in the control center log file. Workaround: Specify the desired file path into the field rather than using the button. Also, if you run the Sentinel services as an administrator user, the option works as expected. |
622216 | Issue: Exceptions are logged in the DAS_CORE log while the archive and delete partition operations are performed through Sentinel Data Manager jobs. Workaround: None. Although exceptions are logged, the archive and delete partition operations are performed as expected. |
623834 | Issue: Error messages are logged in the DAS_CORE log indicating that online current partition is failing to drop, even though there is enough (80%) disk space available. Workaround: This occurs on systems that do not meet the minimum requirements specified in the Sentinel 6.1 Rapid Deployment documentation. For more information, see System Requirements. |
623838 | Issue: In Sentinel Data Manager, the filename naming convention is different for partitions that are archived through jobs and for partitions that are manually archived. For example, the filename for a partition archived through a manual operation is ESEC_ARCH_EVENTS_events_p_2010071010000, but the filename for a partition that is archived through a job is ESEC_ARCH_events_p_2010071010000. As a result, when the partitions are archived through jobs, the and operations do not happen together for all the partitions and the last partition in the table group is not imported. Workaround: You must manually import the missing partitions by using the Import option. For more information, see Sentinel Data Manager in the Sentinel 6.1 Rapid Deployment User Guide. |
625571 | Issue: As of August 06, 2010, the Sentinel Core Solution Pack 6.1r2 packaged with Sentinel 6.1 Rapid Deployment is not available for download on the Sentinel 6.1 Plug-ins Web site. If you delete this Solution Pack, you cannot download a replacement at this time. The Sentinel Core Solution Pack 6.1r1 that is available on the plug-ins Web site does not include reports for Sentinel Rapid Deployment. Workaround: None. Do not delete the Solution Packs. If they are deleted and Sentinel Core Solution Pack 6.1r2 or later is still unavailable on the plug-ins Web site, contact Novell Technical Services for a replacement. |
580188 | Issue: The default installation and configuration of the General Collector, which is provided for data collection testing purposes in the Sentinel 6.1 Rapid Deployment installation, outputs only severity 3 events. Workaround: Create a new instance of the General Collector and start the Collector to display events of all severities in the Active Views. |
566973 | Issue: The Correlation Engine Manager window appears blank when you reopen the Sentinel Control Center if you previously saved the user preferences with the Correlation Engine Manager window in the open state. Workaround: |
535331 | Issue: If there is a large amount of data in the Events table, report generation might be slow. Workaround: None. |
622895 | Issue: IO exceptions are logged in the Java console while launching the Sentinel Control Center through Webstart. However, the Sentinel Control Center launches successfully. Workaround: None. |
563950 | Issue: Exceptions are logged in the das_core 0.0 log when the Sentinel Control Center is closed. However, the Sentinel Control Center closes successfully. Workaround: None. |
625542 | Issue: Chatty warning messages are frequently logged in the das_core 0.0 log file after Sentinel 6.1 Rapid Deployment SP1 is installed. However, the application works as expected. Workaround: None. |
627850 | Issue: The events from the online archived imported partitions are not displayed when queried through an Offline Query or Historical Query. However, the events are successfully being stored in the database. Workaround: None. |
Sentinel technical documentation is available in several different volumes:
The Sentinel SDK site provides the details about developing Collectors (proprietary or JavaScript) and JavaScript correlation actions.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.