1.4 Solution Designer

You can use the Solution Designer to package and export different types of content, such as a Correlation rule with its associated actions and dynamic lists. The content can be selected and packaged with its configuration in a ZIP file. You can then view or select the content of the ZIP file by using the Solution Manager. For more information on the Solution Manager, see Section 17.0, Using Solution Packs.

To use the Solution Designer, you must have the correct permission. All roles contain the permission for the Solution Designer except for the PCI Compliance Audit role and the Search Proxy User role. For more information, see Section 2.0, Configuring Users and Roles.

1.4.1 Accessing the Solution Designer

  1. Log in to the Sentinel Web interface as a user with permissions to access the Solution Designer.

  2. In the toolbar, click Applications.

  3. Click Launch Designer.

  4. Click Yes to accept the security certificate.

  5. Specify a username and password of a user with permission to access the Solution Designer.

  6. Click Login.

  7. Click Accept or Accept Permanently to accept the security certificate.

1.4.2 Solution Designer Interface

The Solution Designer is divided into several frames. Each frame has its own function and multiple sub-functions.

Content Palette: Displays the content of the Solution Pack. The Content Palette contains multiple sections that can be expanded.

The sections that can be expanded are Correlation, Event Enrichment, iTRAC, and Jasper Reports. These are items on the Sentinel server that can be exported into a Solution Pack.

Content Description: Displays a description of the content selected in the Solution Pack panel.

Solution Pack: Displays all of the items contained in a Solution Pack.

Documentation: Displays the documentation specific for the Solution Pack. The documentation explains how to install, configure, and deploy the components of the Solution Pack.

1.4.3 Creating a Solution Pack

You can use the Solution Designer to create a Solution Pack with existing content objects (for example, Correlation Rules, Dynamic Lists, or iTRAC workflow templates) from Sentinel. The Solution Designer analyzes the dependencies for a content object and includes all necessary components in the Solution Pack. For example, a Correlation Rule deployment includes a Correlation Rule definition, one or more actions, and the ability to create an incident using a workflow. The Solution Designer includes the Correlation Rule, the associated correlation actions, the iTRAC template, and the roles associated with the iTRAC template in the Solution Pack.

IMPORTANT: To add a content object to a Solution Pack, it must already exist in Sentinel. Content objects cannot be created in the Solution Designer.

To create a new Solution Pack:

  1. Access the Solution Designer.

    For more information, see Section 1.4.1, Accessing the Solution Designer.

  2. Click File > New.

    An empty Solution Pack is displayed in the Solution Pack panel.

  3. Add Categories, Controls, Content Groups, and content placeholders.

    For detailed instructions, see Section 1.4.4, Adding Content to a Solution Pack.

  4. Add file attachments to the hierarchy nodes as desired.

    For detailed instructions, see File Attachments.

  5. Click File > Save.

  6. Browse to and select a location to save the Solution Pack, then specify a name for the Solution Pack.

  7. Click Save to save the Solution Pack.

    The Solution Pack is saved in a .zip format.

Although you can save a Solution Pack with empty placeholders, you cannot install controls in the Solution Manager unless all placeholders have been filled with content.

1.4.4 Adding Content to a Solution Pack

A vital part of creating a Solution Pack is adding content to the controls. Each control can have one or more types of content associated with it.

Sentinel Content

The same general procedure is used to add all types of Sentinel content to a Solution Pack. The Sentinel content options include the following:

  • Correlation Rule deployments, including their deployment status (enabled or disabled) and associated Correlation rules, Correlation Actions, and Dynamic Lists

  • Reports

  • iTRAC workflows, including associated roles

  • Event enrichment, including map definitions and event metatag configuration

  • Other associated files added when the Solution Pack is created, such as documentation, example report PDFs, or sample map files.

NOTE: Because dynamic list elements and map data are often highly dependent on the system environment, this data is not included as part of the dynamic list or map definition in the Solution Pack. However, this data can be attached to the Solution Pack as a .csv file.

To add Sentinel content to a control:

  1. Access the Solution Designer.

    For more information, see Section 1.1.1, Accessing the Sentinel Web Interface.

  2. Open or create a Solution Pack.

  3. Click the appropriate panel to display the available content:

    • Correlation

    • Event Enrichment

    • iTRAC

    • Jasper Reports

  4. Drag the item and drop it into the control.

    If you try to drag and drop pre-existing content in the Solution Designer, the existing content is highlighted. After you drop the content, a message prompt indicates that similar content exists.

Using Placeholders

If you are not ready to associate content with a control, you can use an empty placeholder instead.

  1. Click the Correlation, Event Enrichment, iTRAC, or Jasper Report button in the Content Palette to open the panel for the type of placeholder you want to add.

  2. Drag and drop the placeholder to the appropriate control in the Solution Pack panel.

  3. Rename the placeholder, if desired.

To replace a placeholder with content:

  1. Click the Correlation, Event Enrichment, iTRAC, or Jasper Report button in the Content Palette to open the panel for the type of placeholder you want to add.

  2. Drag and drop the appropriate Content Group from the Content Palette to the placeholder in the Solution Pack panel or select the appropriate Content Group, then click Add Selected Content.

You can set properties for placeholders to indicate whether a placeholder is designed for specific Sentinel platforms. Placeholders that are designed in newer versions of Sentinel might not be supported in older versions because of changes in the Sentinel schema. If you try to install a placeholder on an unsupported Sentinel platform, the install does not proceed and shows an “Out of date” error.

To set the properties:

  1. Right-click the placeholder, then select Properties.

  2. Select Minimum Required Versions, then specify the Sentinel versions.

  3. Click Apply.

File Attachments

You can attach a file or files to any node in the hierarchy. The content in the attachment is included in the Solution Pack. These files can include anything useful for a user who must deploy the Solution Pack, such as a PDF view of a report, sample map data for event enrichment, or a script for an Execute Command Correlation Action. These files can be added, deleted, viewed, renamed, or saved to the local machine.
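
Because attachments can carry scripts that are later copied to the correlation engines, it is worth inventorying a Solution Pack .zip before it is opened or installed. The following Python sketch is an added example, not part of the Sentinel product or its documentation: it treats the pack as an ordinary ZIP archive, makes no assumption about the pack's internal layout, and uses a constructed sample archive; the extension list and flag names are assumptions.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions treated as executable content that needs manual review.
SCRIPT_EXTS = {".sh", ".bat", ".cmd", ".ps1", ".py", ".pl",
               ".vbs", ".js", ".exe", ".jar"}

def review_pack(zip_bytes):
    """Return one record per archive member: name, size, SHA-256, review flags."""
    records = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            flags = []
            # Member names that escape the extraction directory.
            if path.is_absolute() or ".." in path.parts:
                flags.append("path-traversal")
            # Scripts, e.g. for an Execute Command Correlation Action.
            if path.suffix.lower() in SCRIPT_EXTS:
                flags.append("script")
            # Map or dynamic list data that depends on the local environment.
            if path.suffix.lower() == ".csv":
                flags.append("environment-data")
            digest = hashlib.sha256(zf.read(info)).hexdigest()
            records.append({"name": info.filename, "size": info.file_size,
                            "sha256": digest, "flags": flags})
    return records

def build_sample_pack():
    """Constructed sample archive; member names are illustrative only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.pdf", b"%PDF-1.4 constructed")
        zf.writestr("attachments/block_ip.sh", b"#!/bin/sh\necho constructed\n")
        zf.writestr("attachments/asset_map.csv", b"host,criticality\nsrv1,5\n")
        zf.writestr("../outside.txt", b"constructed")
    return buf.getvalue()

if __name__ == "__main__":
    for rec in review_pack(build_sample_pack()):
        flags = ",".join(rec["flags"]) or "-"
        print(f"{rec['sha256'][:16]}  {rec['size']:>6}  {flags:<18} {rec['name']}")
```

Recording the hashes when the pack is saved and comparing them before installation shows whether an attachment changed in transit.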

Adding an Attachment

You can add an attachment to a node. The system prompts you for another file if you attempt to add one that is already attached.

  1. Select a node, then click the Add a new attachment icon in the Attachment panel.

  2. Browse to and select the file you want to attach.

  3. Specify a description of the file, then click Save.

Viewing an Attachment

  1. Select a node, then select the attachment in the Attachment panel.

  2. Click the View selected attachment icon.

    The file displays in the associated application through the Attachment Viewer.

Editing an Attachment

  1. Select a node, then select the attachment in the Attachment panel.

  2. Click the Edit Attachment icon.

  3. Make the desired changes to the attachment, then click OK.

Saving an Attachment

You can save a copy of the attachment to the local system.

  1. Select a node, then select the attachment in the Attachment panel.

  2. Click the Save selected attachment file as icon to save the attachment to the local file system.

  3. Browse to and select the desired location for the attachment, then click Save.

Deleting an Attachment

  1. Select a node, then select the attachment in the Attachment panel.

  2. Click the Remove selected attachment icon.

  3. Click Yes to confirm that you want to delete the attachment.

1.4.5 Documenting a Solution Pack

The Solution Designer provides three categories of documentation that you can use to document the Solution Pack you are creating.

Description

Allows you to provide a detailed description about the Solution Pack for your users.

Implementation Steps

Lets you add the steps required to implement the content in the target Sentinel system to the Implementation tab of the Documentation panel. The steps might include instructions for the following types of implementation actions:

  • Populating a .csv file that is used by the mapping service for event enrichment.

  • Scheduling automatic report execution.

  • Enabling auditing on source devices.

  • Copying an attached script for an Execute Command Correlation Action to the appropriate location on the correlation engines.

After the content implementation, the content should be tested to verify that it is working as expected.

Testing Steps

Lets you add the steps required to test the content in the target Sentinel system to the Testing tab of the Documentation panel. The steps can include instructions for the following types of testing activities:

  • Running a report and verifying that data is returned.

  • Generating a failed login in a critical server and verifying that a correlated event is created and assigned to an iTRAC workflow.

1.4.6 Editing a Solution Pack

A saved Solution Pack can be edited with the Solution Designer. For information about deploying the changes into an existing system, see Section 17.6, Installing an Edited Solution Pack.

To edit a Solution Pack:

  1. Access the Solution Designer.

    For more information, see Section 1.4.1, Accessing the Solution Designer.

  2. Click File > Open, then browse to and select the existing Solution Pack .zip file.

  3. Click Open.

  4. To update the Solution Pack with modified content from the source Sentinel system, drag and drop the content from the Content Palette to the appropriate control.

  5. Add or delete controls as necessary.

  6. Save the changes by selecting the options you want:

    File > Save: Saves the Solution Pack with the same name.

    File > Save As: Saves the Solution Pack with a different name.

    File > Save As New: Saves the Solution Pack with a different name and as a different Solution Pack.

    If you selected Save or Save As and some of the content is out of sync, you are prompted to synchronize.

1.4.7 Synchronizing Content

If the content in the source system is modified, the content in the source system and the content in the original Solution Pack can be out of synchronization.

  • You can drag and drop the content from the Content Palette onto the control.

  • For simple content with no dependencies, the modified content is immediately updated. For example, a report has no dependencies.

  • For content with dependencies, the dependencies are checked and updates are made when you click the Synchronize All Content icon or when you save the Solution Pack.

When an action uses the Send Email action, this action always appears as Out of Synchronization. This is expected and does not cause an error.

1.4.8 Managing a Solution Pack

All content in a Solution Pack is hierarchically organized into categories, controls, and content groups.

Adding a Node to a Control

  1. Select a node in the Solution Pack panel.

  2. Right-click the node, then select Create.

    or

    Click Create in the Solution Pack panel heading.

Renaming a Control

  1. Select a control in the Solution Pack panel.

  2. Right-click the node, then select Rename.

    or

    Click Rename in the Solution Pack panel heading.

    If Rename is not displayed, click the button in the panel heading, then select Rename from the list of options.

  3. Specify the new name, then click OK to save the change.

Deleting a Control

  1. Select a control in the Solution Pack panel.

  2. Right-click the node, then select Delete.

    or

    Click the button in the Solution Pack panel heading, then select Delete.

  3. Click Yes to confirm the deletion of the control.

Viewing or Editing the Properties of the Solution Pack

  1. Select File > Properties.

    or

    Right-click the Solution Pack in the Solution Pack panel, then click Properties.

  2. View the details, or change the information displayed.

    Type: Specify the type of Solution Pack.

    Author: Specify the author of the Solution Pack.

    Version: Specify the version of the Solution Pack.

    Supported OS Platforms: Specify the platforms where the Solution Pack is supported.

    Supported Platforms And Versions: Select All Platforms And Versions or Minimum Required Versions.

    If you select Minimum Required Versions, you must specify the following information:

    • Sentinel: Specify the minimum version of Sentinel that the Solution Pack supports.

    • Sentinel RD: Specify the minimum version of Sentinel Rapid Deployment (RD) that the Solution Pack supports.

    • Sentinel Log Manager: Specify the minimum version of Sentinel Log Manager that the Solution Pack supports.

  3. Click Apply to save any changes you made.

Expanding or Collapsing Nodes

You can expand or collapse all nodes at one time, instead of doing it node by node.

  1. In the Solution Pack panel, select the Solution Pack, category, control, or content group.

  2. Right-click the selected item, then select Expand All or Collapse All.

Moving Nodes

Category, control, and content group nodes can be created in any order and then reordered or moved to a different parent in the hierarchy.

To move a node to another branch in the hierarchy, drag and drop a node to its new parent node. A control can be moved to a new category. A content group can be moved to a new control.

To reorder a node, drag and drop it on top of the node it should appear after in the Solution Pack.