1.4 Solution Designer

You can use the Solution Designer to package and export different types of content, such as a Correlation rule with associated actions and dynamic lists. The content can be selected and packaged with its configuration in a ZIP file. You can then view or select the content of the ZIP file by using the Solution Manager. For more information on the Solution Manager, see Section 16.0, Using Solution Packs.

To use the Solution Designer, you must have the correct permission. All roles contain the permission for the Solution Designer except for the PCI Compliance Audit role and the Search Proxy User role. For more information, see Section 2.0, Configuring Users and Roles.

1.4.1 Accessing the Solution Designer

  1. Log in to the Sentinel Web interface as a user with permissions to access the Solution Designer.

  2. In the toolbar, click Applications.

  3. Click Launch Designer.

  4. Click Yes to accept the security certificate.

  5. Specify a username and password of a user with permission to access the Solution Designer.

  6. Click Login.

  7. Click Accept or Accept Permanently to accept the security certificate.

1.4.2 Solution Designer Interface

The Solution Designer is divided into several frames. Each frame has its own function and multiple sub-functions.

Content Palette: Displays the content of the Solution Pack. The Content Palette contains multiple sections that can be expanded.

The sections that can be expanded are Actions, Correlation, Event Actions, Event Enrichment, Filters, iTRAC, Jasper Reports, and Searches. These are items on the Sentinel server that can be exported into a Solution Pack.

Content Description: Displays a description of the content selected in the Solution Pack panel.

Solution Pack: Displays all of the items contained in a Solution Pack.

Documentation: Displays the documentation specific for the Solution Pack. The documentation explains how to install, configure, and deploy the components of the Solution Pack.

1.4.3 Creating a Solution Pack

You can use the Solution Designer to create a Solution Pack with existing content objects (for example, Actions, Event Actions, Filters, Searches, Correlation Rules, Dynamic Lists, or iTRAC workflow templates) from Sentinel. The Solution Designer analyzes the dependencies for a content object and includes all necessary components in the Solution Pack. For example, a Correlation Rule deployment includes a Correlation Rule definition, one or more actions, and the ability to create an incident using a workflow. The Solution Designer includes the Correlation Rule, the associated correlation actions, the iTRAC template, and the roles associated with the iTRAC template in the Solution Pack.

IMPORTANT: To add a content object to a Solution Pack, it must already exist in Sentinel. Content objects cannot be created in the Solution Designer.

To create a new Solution Pack:

  1. Access the Solution Designer.

    For more information, see Section 1.4.1, Accessing the Solution Designer.

  2. Click File > New.

    An empty Solution Pack is displayed in the Solution Pack panel.

  3. Add Categories, Controls, Content Groups, and content placeholders.

    For detailed instructions, see Section 1.4.4, Adding Content to a Solution Pack.

  4. Add file attachments to the hierarchy nodes as desired.

    For detailed instructions, see File Attachments.

  5. Click File > Save.

  6. Browse to and select a location to save the Solution Pack, then specify a name for the Solution Pack.

  7. Click Save to save the Solution Pack.

    The Solution Pack is saved in a .zip format.

Although you can save a Solution Pack with empty placeholders, you cannot install controls in the Solution Manager unless all placeholders have been filled with content.

1.4.4 Adding Content to a Solution Pack

A vital part of creating a Solution Pack is adding content to the controls. Each control can have one or more types of content associated with it.

Sentinel Content

The same general procedure is used to add all types of Sentinel content to a Solution Pack. The Sentinel content palette includes the following:

  • Actions

  • Correlation Rule deployments, including their deployment status (enabled or disabled) and associated Correlation rules, Correlation Actions, and Dynamic Lists

  • Event Actions

  • Reports

  • Filters

  • Searches

  • iTRAC workflows, including associated roles

  • Event enrichment, including map definitions and event metatag configuration

  • Other associated files added when the Solution Pack is created, such as documentation, example report PDFs, or sample map files.

Adding Sentinel Content to a Control

To add Sentinel content to a control:

  1. Access the Solution Designer.

    For more information, see Section 1.1.1, Accessing the Sentinel Web Interface.

  2. Open or create a Solution Pack.

  3. Click the appropriate panel to display the available content:

    • Actions

    • Correlation

    • Event Actions

    • Event Enrichment

    • Filters

    • iTRAC

    • Jasper Reports

    • Searches

  4. Drag the item and drop it into the control.

    If you try to drag and drop pre-existing content in the Solution Designer, the existing content is highlighted. After you drop the content, a message prompt indicates that similar content exists.

Setting Content Properties

You can set properties on content to indicate that it is designed for specific Sentinel platforms. Content that is designed in newer versions of Sentinel might not be supported in older versions because of changes in the Sentinel schema. If you try to install a Control on an unsupported Sentinel platform, the installation does not proceed and shows an “Out of date” error.

To set the properties:

  1. Right-click the content, then select Properties.

  2. (Conditional) For Correlation rules, select Automatically deploy during installation to deploy Correlation rules automatically during the solution pack installation.

  3. Select Minimum Required Versions, and then specify the Sentinel versions.

  4. Click Apply.

Using Placeholders

If the user is not ready to associate content with a control, an empty placeholder can be used instead.

  1. Click the Correlation, Event Actions, Actions, Filters, Event Enrichment, iTRAC, or Jasper Report button in the Content Palette to open the panel for the type of placeholder you want to add.

  2. Drag and drop the placeholder to the appropriate control in the Solution Pack panel.

  3. Rename the placeholder, if desired.

To replace a placeholder with content:

  1. Click the Correlation, Event Actions, Filters, Event Enrichment, iTRAC, or Jasper Report button in the Content Palette to open the panel for the type of placeholder you want to add.

  2. Drag and drop the appropriate Content Group from the Content Palette to the placeholder in the Solution Pack panel or select the appropriate Content Group, then click Add Selected Content.

You can set properties for placeholders to indicate whether a placeholder is designed for specific Sentinel platforms. Placeholders that are designed in newer versions of Sentinel might not be supported in older versions because of changes in the Sentinel schema. If you try to install a placeholder on an unsupported Sentinel platform, the install does not proceed and shows an “Out of date” error.

To set the properties:

  1. Right-click the placeholder, then select Properties.

  2. Select Minimum Required Versions, then specify the Sentinel versions.

  3. Click Apply.

File Attachments

You can attach a file or files to any node in the hierarchy. The content in the attachment is included in the Solution Pack. These files can include anything useful for a user who must deploy the Solution Pack, such as a PDF view of a report, sample map data for event enrichment, or a script for an Execute Command Correlation Action. These files can be added, deleted, viewed, renamed, or saved to the local machine.
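Because a pack is a ZIP file that can carry scripts as attachments, it helps to inventory the archive before handing it to someone who will install it. The following is an added example, not part of the product documentation: it treats the pack as an ordinary ZIP and assumes nothing about its internal layout; the member names in the sample and the extension list are constructed for the demonstration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Assumed list of script extensions; adjust to local policy.
SCRIPT_SUFFIXES = {".sh", ".bash", ".py", ".pl", ".bat", ".cmd", ".ps1", ".vbs", ".js"}


def audit_pack(zip_source, max_member_bytes=50 * 1024 * 1024):
    """Inventory a pack ZIP in memory; nothing is extracted to disk.

    Returns one dict per member: name, size, sha256, flags.
    """
    report = []
    with zipfile.ZipFile(zip_source) as pack:
        for info in pack.infolist():
            if info.is_dir():
                continue
            entry = {"name": info.filename, "size": info.file_size,
                     "sha256": None, "flags": []}
            report.append(entry)
            if info.file_size > max_member_bytes:
                entry["flags"].append("oversize")  # skipped, not decompressed
                continue
            data = pack.read(info)
            entry["sha256"] = hashlib.sha256(data).hexdigest()
            path = PurePosixPath(info.filename.replace("\\", "/"))
            if path.is_absolute() or ".." in path.parts:
                entry["flags"].append("unsafe-path")  # would land outside the target dir
            if path.suffix.lower() in SCRIPT_SUFFIXES or data.startswith(b"#!"):
                entry["flags"].append("script")  # review before copying to an engine
    return report


def build_sample_pack():
    """Constructed stand-in for a pack; every member name here is invented."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docs/report-sample.pdf", b"%PDF-1.4 constructed")
        z.writestr("attachments/block_ip", b"#!/bin/sh\necho constructed\n")
        z.writestr("attachments/notify.ps1", b"Write-Output 'constructed'")
        z.writestr("../outside.txt", b"constructed")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for item in audit_pack(build_sample_pack()):
        print(item["sha256"], item["size"], item["name"], ",".join(item["flags"]))
```

Recording the hashes alongside the pack lets the installing administrator confirm that a script copied to a correlation engine is the one that was reviewed.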

Adding an Attachment

You can add an attachment to a node. The system prompts you for another file if you attempt to add one that is already attached.

  1. Select a node, then click the Add a new attachment icon in the Attachment panel.

  2. Browse to and select the file you want to attach.

  3. Specify a description of the file, then click Save.

Viewing an Attachment

  1. Select a node, then select the attachment in the Attachment panel.

  2. Click the View selected attachment icon.

    The file displays in the associated application through the Attachment Viewer.

Editing an Attachment

  1. Select a node, then select the attachment in the Attachment panel.

  2. Click the Edit Attachment icon.

  3. Make the desired changes to the attachment, then click OK.

Saving an Attachment

You can save a copy of the attachment to the local system.

  1. Select a node, then select the attachment in the Attachment panel.

  2. Click the Save selected attachment file as icon to save the attachment to the local file system.

  3. Browse to and select the desired location for the attachment, then click Save.

Deleting an Attachment

  1. Select a node, then select the attachment in the Attachment panel.

  2. Click the Remove selected attachment icon.

  3. Click Yes to confirm that you want to delete the attachment.

1.4.5 Initializing Dynamic Lists Through Solution Pack

The Correlation rules in solution packs require some data in the dynamic lists for them to work properly. The solution pack framework includes the ability to automatically populate the dynamic lists with data when you install a solution pack.

To populate a dynamic list when you install a solution pack:

  1. Create a text file with the values that you want to add to the dynamic list. Add each different value on a separate line.

  2. In the Solution Designer, expand the Correlation content, and then select the dynamic list.

  3. Click Add a new attachment in the Attachment panel, and attach the file that you created in Step 1.

    All the values in the Dynamic list are persistent. For more information, see Creating a Dynamic List in the NetIQ Sentinel 7.1 User Guide.
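One way to produce the text file from Step 1 so that it holds each different value once, one per line. This is an added example, not part of the product documentation; UTF-8 output, case-sensitive comparison, and the rejection of values containing control characters are assumptions, and the sample values are constructed.

```python
import unicodedata


def build_seed_lines(raw_values):
    """Return (lines, rejected) for a dynamic-list seed file.

    lines    -- unique values in first-seen order, one per output line
    rejected -- (value, reason) pairs to review by hand
    """
    seen, lines, rejected = set(), [], []
    for raw in raw_values:
        value = unicodedata.normalize("NFC", raw).strip()
        if not value:
            continue  # a blank line carries no list element
        if any(unicodedata.category(ch) == "Cc" for ch in value):
            # An embedded CR, LF, or tab would split or alter the element.
            rejected.append((raw, "control character inside value"))
            continue
        if value in seen:
            continue  # each different value appears once
        seen.add(value)
        lines.append(value)
    return lines, rejected


def write_seed_file(path, raw_values):
    """Write the cleaned values, one per line with LF endings (assumed UTF-8)."""
    lines, rejected = build_seed_lines(raw_values)
    with open(path, "w", encoding="utf-8", newline="\n") as fh:
        fh.write("".join(line + "\n" for line in lines))
    return lines, rejected


# Constructed sample input: duplicates, stray whitespace, a blank, and one bad value.
SAMPLE = ["10.0.0.5", " 10.0.0.5 ", "", "svc-backup",
          "admin\troot", "svc-backup\n", "10.0.0.9"]

if __name__ == "__main__":
    kept, bad = write_seed_file("dynamic_list_seed.txt", SAMPLE)
    print("kept:", kept)
    print("rejected:", bad)
```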

1.4.6 Documenting a Solution Pack

The Solution Designer provides three different categories of documentation to help you create the documentation for the Solution Pack you are creating.

Description

Allows you to provide a detailed description about the Solution Pack for your users.

Implementation Steps

Lets you add the steps required to implement the content in the target Sentinel system to the Implementation tab of the Documentation panel. The steps might include instructions for the following types of implementation actions:

  • Populating a .csv file that is used by the mapping service for event enrichment.

  • Scheduling automatic report execution.

  • Enabling auditing on source devices.

  • Copying an attached script for an Execute Command Correlation Action to the appropriate location on the correlation engines.

After the content implementation, the content should be tested to verify that it is working as expected.

Testing Steps

Lets you add the steps required to test the content in the target Sentinel system to the Testing tab of the Documentation panel. The steps can include instructions for the following types of testing activities:

  • Running a report and verifying that data is returned.

  • Generating a failed login in a critical server and verifying that a correlated event is created and assigned to an iTRAC workflow.

1.4.7 Editing a Solution Pack

A saved Solution Pack can be edited with the Solution Designer. For information about deploying the changes into an existing system, see Section 16.6, Installing an Edited Solution Pack.

To edit a Solution Pack:

  1. Access the Solution Designer.

    For more information, see Section 1.4.1, Accessing the Solution Designer.

  2. Click File > Open, then browse to and select the existing Solution Pack .zip file.

  3. Click Open.

  4. To update the Solution Pack with modified content from the source Sentinel system, drag and drop the content from the Content Palette to the appropriate control.

  5. Add or delete controls as necessary.

  6. Save the changes by selecting the options you want:

    File > Save: Saves the Solution Pack with the same name.

    File > Save As: Saves the Solution Pack with a different name.

    File > Save As New: Saves the Solution Pack with a different name and as a different Solution Pack.

    If you selected Save or Save As and some of the content is out of sync, you are prompted to synchronize.

1.4.8 Synchronizing Content

If you modify the content in the source system, the content in the source system and the content in the original Solution Pack can be out of synchronization. To synchronize the content, do one of the following:

  • For content with no dependencies, drag and drop the content from the Content Palette onto the control.

    The modified content is immediately updated. For example, a report has no dependencies.

  • For content with dependencies, the dependencies are checked and updates are made when you click the Synchronize All Content icon or when you save the Solution Pack. However, you need to ensure that the system that you are connected to has the latest content.

  • To synchronize specific content based on any content group, right-click the content or a content group and click Synchronize this content. Using this menu ensures that only the content and the contents within that group are synchronized.

When an action uses the Send Email action, this action always appears as Out of Synchronization. This is expected and does not cause an error.

1.4.9 Handling Inter-control Dependency

You can specify any control as a required control in the Solution Designer. This ensures that the control marked as required is also installed when a user chooses to install any other control first. For example, you can mark the global setup control as a required control, which is then installed when the user installs any other control from a solution pack.

You can also specify whether you want to overwrite an existing control during installation. For example, if you include a newer version of a White Label Template and want to ensure that this newer version is automatically installed with a new install of a solution pack, you can enable the overwrite properties.

To mark a control as required:

  1. In the Solution Designer, select the control that you want to mark as required.

  2. Right-click the control and select Properties.

  3. (Conditional) Select Required if you want to ensure that this control is also installed while installing any specific control from a solution pack.

  4. (Conditional) Select Enable Overwrite if you want to automatically install this control with a new install of a solution pack.

  5. Click Apply.

1.4.10 Managing a Solution Pack

All content in a Solution Pack is hierarchically organized into categories, controls, and content groups.

Adding a Node to a Control

  1. Select a node in the Solution Pack panel.

  2. Right-click the node, then select Create.

    or

    Click Create in the Solution Pack panel heading.

Renaming a Control

  1. Select a control in the Solution Pack panel.

  2. Right-click the node, then select Rename.

    or

    Click Rename in the Solution Pack panel heading.

    If Rename is not displayed, click the button in the panel heading, then select Rename from the list of options.

  3. Specify the new name, then click OK to save the change.

Deleting a Control

  1. Select a control in the Solution Pack panel.

  2. Right-click the node, then select Delete.

    or

    Click the button in the Solution Pack panel heading, then select Delete.

  3. Click Yes to confirm the deletion of the control.

Viewing or Editing the Properties of the Solution Pack

  1. Select File > Properties.

    or

    Right-click the Solution Pack in the Solution Pack panel, then click Properties.

  2. View the details, or change the information displayed.

    Type: Specify the type of Solution Pack.

    Author: Specify the author of the Solution Pack.

    Version: Specify the version of the Solution Pack.

    Supported OS Platforms: Specify the platforms where the Solution Pack is supported.

    Supported Platforms And Versions: Select All Platforms And Versions or Minimum Required Versions.

    If you select Minimum Required Versions, you must specify the following information:

    • Sentinel: Specify the minimum version of Sentinel that the Solution Pack supports.

    • Sentinel RD: Specify the minimum version of Sentinel Rapid Deployment (RD) that the Solution Pack supports.

    • Sentinel Log Manager: Specify the minimum version of Sentinel Log Manager that the Solution Pack supports.

  3. Click Apply to save any changes you made.

Expanding or Collapsing Nodes

You can expand or collapse all nodes at one time, instead of doing it node by node.

  1. In the Solution Pack panel, select the Solution Pack, category, control, or content group.

  2. Right-click the selected item, then select Expand All or Collapse All.

Moving Nodes

Category, control, and content group nodes can be created in any order and then reordered or moved to a different parent in the hierarchy.

To move a node to another branch in the hierarchy, drag and drop a node to its new parent node. A control can be moved to a new category. A content group can be moved to a new control.

To reorder a node, drag and drop it on top of the node it should appear after in the Solution Pack.