Sentinel provides a list of preconfigured Actions that should be useful in most standard situations. You can use the default Actions and reconfigure them as necessary, or you can add new Actions.
NOTE:Only users in the administrator role can configure and manage Actions.
An Action can be executed on its own, or it can make use of an Integrator instance configured from an Integrator plug-in. Integrators provide the ability to connect to an external system, such as an LDAP, SMTP, or SOAP server, to execute an action.
The general process for using an Action to perform remediation is shown in the following figure:
Figure 9-1 Actions Workflow
Determine the best type of Action plug-in that should be used to perform your desired action.
Configure the appropriate Action plug-in with appropriate parameter settings for your environment.
For more information, see Section 9.3.1, Adding an Action.
If the Action requires an Integrator, configure the appropriate Integrator.
To determine the required Integrators for an Action, see the documentation that is available with the Action on the Sentinel Plug-ins Web site. Alternatively, you can view a specific Action’s documentation by clicking the button while configuring that Action in the Action Manager.
For information on configuring the Integrator, see Section 10.2, Managing Integrators.
Execute actions manually or associate actions to rules for the action to fire automatically when the rule fires:
For information on executing an action on events that meet the event routing rule criteria, see Section 8.1, Creating an Event Routing Rule.