1.1 Sentinel Web Interface

Sentinel is a Security Information and Event Management (SIEM) system that receives information from many sources throughout an enterprise, standardizes it, prioritizes it, and presents it to you so that you can make threat-, risk-, and policy-related decisions. The Sentinel Web interface is the main user interface for viewing and interacting with this data.

1.1.1 Accessing the Sentinel Web Interface

  1. Launch a supported Web browser (Internet Explorer 8 or Firefox 5).

  2. Specify the URL of the Sentinel Web interface:

    https://<IP_Address/DNS_Sentinel_server>:8443

    IP_Address/DNS_Sentinel_server is the IP address or DNS name of the Sentinel server and 8443 is the default port for the Sentinel server.

  3. Log in as a user with permissions to access the desired feature.

    or

    If it is your first time logging in, log in with the administrator name and password specified during the installation.

    For information on the various roles and permissions, see Section 2.0, Configuring Users and Roles.

    By default, the username is admin. The password is specified during the installation of Sentinel. For more information, see Interactive Installation in the NetIQ Sentinel 7.0.1 Installation and Configuration Guide.

1.1.2 Introducing the Sentinel Web Interface

The Sentinel Web interface allows you to configure your Sentinel system and administer features. There are two different types of options displayed in the Web interface:

Administration Options

The administration options are displayed in the toolbar if you are logged in as a user with an administrative role. The following are the administration options:

Collection: Allows you to configure data collection through event sources. For more information, see Section 6.0, Configuring Data Collection.

Storage: Allows you to configure how Sentinel stores all of the data it gathers. For more information, see Section 5.0, Configuring Data Storage.

Routing: Allows you to configure how events are automatically routed through the Sentinel system to rules or Actions. For more information, see Section 8.0, Configuring Event Routing Rules.

Users: Allows you to configure users and roles for managing Sentinel. For more information, see Section 2.0, Configuring Users and Roles.

Search Setup: Allows you to configure Sentinel to search other Sentinel and Sentinel Log Manager systems for events. For more information, see Section 13.0, Searching and Reporting Events in a Distributed Environment.

Downloads: The location where you can download the stand-alone installers for remote Collector Managers and Correlation Engines. For more information, see Installing Additional Collector Managers or Installing Additional Correlation Engines in the NetIQ Sentinel 7.0.1 Installation and Configuration Guide.

User Options

The user options are displayed on the left and at the end of the toolbar for users with the rights to the different features. If you log in as a user without the rights to a feature, the feature is not displayed. The following are the user options:

Logged in User Name: Displays the name of the user that you used to log in to Sentinel. From this link, you can edit information about the user, change the user’s password, or see additional information about the user.

Help: Provides links to the Sentinel 7.0 documentation Web site, Sentinel API, Sentinel Help Portal, and Sentinel Database Schema.

About: Displays the version, copyright information, and license information for Sentinel.

Application: The location where you launch the Sentinel Control Center (SCC) and the Solution Designer. For more information about the SCC, see Section 1.2, Sentinel Control Center. For more information about the Solution Designer, see Section 1.4, Solution Designer.

New Search: Allows you to perform a search of events in the Sentinel system. For more information, see Searching Events in the NetIQ Sentinel 7.0.1 User Guide.

Security Intelligence: Allows you to perform statistical analysis for trends in the data gathered by Sentinel. For more information, see Analyzing Trends in Data in the NetIQ Sentinel 7.0.1 User Guide.

Reports: Allows you to run reports on the data gathered by Sentinel. For more information, see Reporting in the NetIQ Sentinel 7.0.1 User Guide.

People: Integrates Sentinel with Novell Identity Manager to track each user’s account identity information and the status of the account. A user account can have one or more identities per system in the IT environment. For more information, see Integrating Identity Information with Sentinel Events in the NetIQ Sentinel 7.0.1 User Guide.

Event Actions: Allows you to perform actions on selected events. For more information, see Manually Performing Actions on Events in the NetIQ Sentinel 7.0.1 User Guide.

Correlation: Allows you to correlate a set of similar or comparable events in a given period with the rules you create and deploy in the Correlation Engine so you can take appropriate action to mitigate any situation. For more information, see Correlating Event Data in the NetIQ Sentinel 7.0.1 User Guide.

Tags: Allows you to tag all data collection objects such as Event sources, Servers, Collector Managers, Collector plug-ins, report templates, and report results. Tags are user-defined values that can be used to logically group data collection objects within the Sentinel system. You can search for events, report templates, and report definitions based on tags. For more information, see Configuring Tags in the NetIQ Sentinel 7.0.1 User Guide.

Filters: Allows you to manage the amount of data that Sentinel gathers. Filters help you reduce the scope of searches, what data is stored, and what data is analyzed. For more information, see Configuring Filters in the NetIQ Sentinel 7.0.1 User Guide.