Novell Sentinel Training Day 3


Alright, Day 3 of Sentinel training was pretty good. We reviewed performing actions when a correlation rule is met on an event filter. We also learned about “solution packs”. A little bit about how they are structured, but mainly how to import, edit and redeploy them. We were shown the PCI DSS solution pack. I must say it was pretty comprehensive, which is sold for $30K by itself. We also were given a sales presentation breaking down the scope of Novell’s ISM (Identity and Security Management) products. It was explained to us that ISM is now one of Novell’s 3 focuses. Any supported products will fall under their main areas of focus. They also mentioned that they did very well this final quarter which is about to end for them. That’s really good news for Identity Management, especially at a time when the economy is not doing well. We also heard from some attendees in the training course that IBM is also doing very well. And of course IBM has its own Identity Management suite. So even more good news for Identity Management. The sales rep explained that Identity Management was initially seen as a sub-area of focus for IT departments and was not seen as being under security. But now Identity Management is seen more as being under security rather than traditional IT because of the specialization that goes into it.

Back to Sentinel… the Actions that can be performed when a correlation rule is met are: Configure Correlation Event, Create Incident (to be assigned and resolved), Execute Command (custom batch file), Remove Dynamic List, Send Email, Set LDAP Attribute (i.e. in eDirectory), and the latest addition giving much flexibility is executing JavaScript. We also learned how to import collectors and connectors. The hierarchy seems to be Collector->connectors. Also there have been quite a lot of changes from 6.0 to 6.1. We also learned that Collectors and Connectors can be bundled and deployed with solution packs. A base install of Sentinel does not include any collectors or connectors. You have to download them from the Novell site. Some are free, i.e. the Collector for Active Directory. I am still looking for a comprehensive list of what’s free and what’s for purchase.

The salesperson also broke down the CMP (Compliance Management Platform) product line (which is really a bundle) a little bit. The first product that is pushed is Analyzer, which does some data sanitizing/analytics to help show how more resources can be used. Identity Manager and Sentinel are the 2 major components of CMP. Aside from there being some collectors and connectors to integrate Identity Manager with Sentinel, I did not hear a whole lot else about how they integrate. The only example I have heard is being able to pull data from Identity Manager when a user is involved in an incident. Imagine if someone tries to access something they should not access. Not only can their account be disabled if they try repeatedly over a certain window of time, but their profile can be pulled from Identity Manager, which would even show their picture. We were also told that an action from a correlated event in Sentinel could kick off an Identity Manager workflow. I guess that would be done through the SOAP connector? (not sure) Aside from this I haven’t heard too much more about how these products integrate. The rights to Sentinel were brought from e-Security when Novell purchased them. Eric noted that the UI must have been changed from the original version because it now looks similar to Novell’s Identity Manager. Another confusing thing that came up is how roles are managed. Identity Manager apparently has its own role-based system, but there is another Novell product called Access Manager which does nothing but roles. There is another program called Identity Audit which is supposed to help with compliancy but does nothing but reports. So there is some redundancy in the offering of some of these products. Crystal Reports (a little license comes with CMS).
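The repeated-access scenario described above (a rule that fires when a user is denied several times inside a time window, then disables the account and pulls the user's profile), as an added example that is not part of the original post and is not Sentinel's rule language or API. The threshold, window, event fields, action names and the `profiles` lookup are all assumptions made for illustration.

```javascript
// Added illustration only: a stand-alone sliding-window correlation sketch.
const WINDOW_MS = 5 * 60 * 1000; // assumed window: 5 minutes
const THRESHOLD = 3;             // assumed: 3 denied attempts inside the window

// Constructed sample events (ts = milliseconds from an arbitrary start).
const sampleEvents = [
  { ts: 0,      user: "jdoe",   resource: "/payroll", outcome: "denied" },
  { ts: 60000,  user: "asmith", resource: "/payroll", outcome: "denied" },
  { ts: 90000,  user: "jdoe",   resource: "/payroll", outcome: "denied" },
  { ts: 120000, user: "jdoe",   resource: "/hr",      outcome: "allowed" },
  { ts: 200000, user: "jdoe",   resource: "/payroll", outcome: "denied" },
  { ts: 210000, user: "jdoe",   resource: "/payroll", outcome: "denied" },
  { ts: 900000, user: "asmith", resource: "/payroll", outcome: "denied" },
];

// Hypothetical identity store standing in for the profile pull.
const profiles = { jdoe: { fullName: "J. Doe", department: "Sales" } };

function correlate(events, windowMs = WINDOW_MS, threshold = THRESHOLD) {
  const recent = new Map();     // user -> denied timestamps still inside the window
  const suppressed = new Map(); // user -> time before which the rule will not re-fire
  const incidents = [];
  for (const ev of [...events].sort((a, b) => a.ts - b.ts)) {
    if (ev.outcome !== "denied") continue;
    // Drop attempts that have aged out of the window, then record this one.
    const hits = (recent.get(ev.user) || []).filter(t => ev.ts - t < windowMs);
    hits.push(ev.ts);
    recent.set(ev.user, hits);
    if (hits.length >= threshold && ev.ts >= (suppressed.get(ev.user) || 0)) {
      // Suppress re-firing so each extra attempt does not open a new incident.
      suppressed.set(ev.user, ev.ts + windowMs);
      incidents.push({
        user: ev.user,
        firedAt: ev.ts,
        attempts: hits.length,
        profile: profiles[ev.user] || null, // enrichment; null when no record exists
        actions: ["create_incident", "disable_account"],
      });
    }
  }
  return incidents;
}

console.log(JSON.stringify(correlate(sampleEvents), null, 2));
```

The suppression map is what keeps the fourth denied attempt at 210000 from opening a second incident for the same user.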

In my next post on the final day of Sentinel training, I will include screenshots from my training image.

10 Oct 2008
Nick Page said,  

Hello,

I am contacting you regarding your website and one page in particular (http://azeemkhan.info/id/2008/novell-sentinel-training-day-3/)

I am currently search marketing for Novell. Novell offers XEN-based open-source virtualization and is available on Novell/SUSE’s Linux Enterprise Server 10 software. Novell’s newly released Identity Management software is designed to maximize business efficiency by eliminating tedious and time consuming manual processes, allowing new employees to be provisioned 95% faster. Access can also be revoked immediately upon an employee’s departure from the enterprise.

I am writing to enquire about the possibility of appearing as a link from your webpage (http://azeemkhan.info/id/2008/novell-sentinel-training-day-3/) that points to the Novell Identity Management information webpage (http://www.novell.com/products/identitymanager/) using the link text Novell, Identity or Management. Although you have a lot of useful information on this webpage, I feel that placing a link to Novell’s Identity Management page would benefit any users who are seeking additional information regarding virtualization and Novell’s integrated management software.

Could you please respond to my request either way after you have assessed the suitability of the aforementioned webpage?

Your support would be greatly appreciated.

Kind Regards,

Nick Page
