The Advisor service and its corresponding Exploit Detection feature depend on the mappings between the attacks against enterprise assets and the known vulnerabilities of those assets. The Advisor and the Exploit Detection features require the following data to work with the Advisor products:
Vulnerability scan data: The vulnerability scanners check enterprise assets for known vulnerabilities. The scanned data can then be loaded into the Sentinel database to serve as referential information, by using the Collectors that support Advisor.
Advisor mapping data: The Advisor data contains information about known threats, including attacks and vulnerabilities. The Advisor service gathers information from various vulnerability and intrusion detection vendors, and creates mappings between abstract vulnerabilities and attacks.
Security Nexus provides the Advisor feed data that contains information about known security vulnerabilities and threats, and also provides normalization of intrusion detection signatures and vulnerability scans. The Advisor data feed is updated on a regular basis as new attacks and vulnerabilities are reported. The updates are available at the Novell download Web site .
NOTE:The initial Advisor data feed is installed by default on the Sentinel server at /var/opt/novell/sentinel/data/updates/advisor. However, you must purchase an additional license from Novell to download the updated Advisor feed.
Real-time attack data: Intrusion detection systems report real-time attacks against enterprise assets. However, this data does not indicate the impact of the attacks.
The real-time attacks that are generated as events are loaded into the Sentinel database by using the intrusion detection systems or vulnerability type Collectors.