Sentinel provides a list of preconfigured Actions that should be useful in most standard situations. You can use the default Actions and reconfigure them as necessary, or you can add new Actions.
NOTE: Only users in the administrator role can configure and manage Actions.
An Action can be executed on its own, or it can make use of an Integrator instance configured from an Integrator plug-in. Integrators provide the ability to connect to an external system, such as an LDAP, SMTP, or SOAP server, to execute an action.
The general process for using an Action to perform remediation is shown in the following figure:
Figure 9-1 Actions Workflow
Determine the best type of Action plug-in that should be used to perform your desired action.
Configure the appropriate Action plug-in with appropriate parameter settings for your environment.
For more information, see Section 9.3.1, Adding an Action.
If the Action requires an Integrator, configure the appropriate Integrator.
To determine the required Integrators for an Action, see the documentation that is available with the Action on the Sentinel Plug-ins Web site. Alternatively, you can view a specific Action’s documentation by clicking the button while configuring that Action in the Action Manager.
For information on configuring the Integrator, see Section 10.2, Managing Integrators.
Execute actions manually, or associate actions with rules so that the action fires automatically when the rule fires:
For information on executing an action in an Incident, see "Executing Incident Actions" in the NetIQ Sentinel 7.0.1 User Guide.
For information on executing an action on events that meet the event routing rule criteria, see Section 8.1, Creating an Event Routing Rule.
For information on executing an action on events in Active Views, see "Executing Actions on Events" in the NetIQ Sentinel 7.0.1 User Guide.
For information on executing actions on events in Search results, see "Executing Actions" in the NetIQ Sentinel 7.0.1 User Guide.
For information on associating an action to a Correlation rule, see "Associating Actions to a Rule" in the NetIQ Sentinel 7.0.1 User Guide.