The initial Advisor data is loaded by default with the Sentinel installation on the same machine where the Database Access Service (DAS) is installed. However, the feed files are not loaded into the Sentinel database. To get the updated Advisor feed, you must download the latest Advisor feed on a regular basis and process the downloaded feed to load it into the Sentinel database. The regular updates can be either manual or automatic, based on your choice.
NOTE: You must have an additional license for Advisor to receive the Advisor updates.
To download Advisor updates, you must purchase the optional Sentinel Exploit Detection and Advisor Data Subscription.
For Automatic download, outgoing port 443 should be open. You must install Crystal Reports Server software on your system to run reports.
If you intend to use Advisor for Exploit Detection only, you need to install Crystal Reports Server software.
To configure Sentinel to download and process Advisor feed files, select . The download method can be either of the following:
Use Download Manager to configure the Sentinel server to download the regular updates that are included with the Advisor data subscription service.
Select and click . Follow the instructions given in Section 9.0, Download Manager.
Figure 8-1 Automatic Update
Log in to the Novell download Web site by using your Novell eLogin username and password.
The Novell eLogin username and password must be associated with the Advisor license.
Download all the updated and new .zip and .md5 files.
Copy the downloaded feed files to the location on the Sentinel 6.1 server that was specified in the Advisor configuration screen.
The default location is <Install_Directory>/data/updates/advisor.
(Optional) Click to load the feed files to the Sentinel database.
(Optional) Click to save the feed files for future use.
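One way to check the downloaded .zip files against their .md5 files before copying them to the feed directory, as an added example that is not part of the original documentation or Novell's tooling. It assumes each `feed.zip` has a matching `feed.md5` whose first whitespace-separated token is the hex digest; the function names are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as fh:  # stream: feed archives can be large
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_feed_files(download_dir):
    """Return {zip name: 'ok' | 'mismatch' | 'missing_md5'}."""
    results = {}
    for zip_path in sorted(Path(download_dir).glob("*.zip")):
        md5_path = zip_path.with_suffix(".md5")  # assumed naming: x.zip -> x.md5
        if not md5_path.is_file():
            results[zip_path.name] = "missing_md5"
            continue
        # Assumed layout: hex digest is the first whitespace-separated token.
        tokens = md5_path.read_text(errors="replace").split()
        expected = tokens[0].lower() if tokens else ""
        results[zip_path.name] = "ok" if expected == md5_of(zip_path) else "mismatch"
    return results


def stage_verified(download_dir, feed_dir):
    """Copy only verified .zip/.md5 pairs into the Advisor feed directory."""
    results = check_feed_files(download_dir)
    Path(feed_dir).mkdir(parents=True, exist_ok=True)
    for name, status in results.items():
        if status == "ok":
            src = Path(download_dir) / name
            shutil.copy2(src, feed_dir)
            shutil.copy2(src.with_suffix(".md5"), feed_dir)
    return results


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data, not real feeds
        dl, dest = Path(tmp, "download"), Path(tmp, "advisor")
        dl.mkdir()
        for name, body, summed in [("feed_a", b"A", b"A"), ("feed_b", b"B", b"other")]:
            (dl / f"{name}.zip").write_bytes(body)
            (dl / f"{name}.md5").write_text(hashlib.md5(summed).hexdigest())
        print(stage_verified(dl, dest))
```

A matching MD5 shows the archive arrived intact; it does not by itself prove who produced it, so download both files only over the authenticated Novell session.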
You can view the intrusion detection systems included in the <Install Directory>/data/map_data/explotDetection.csv file under Product name. You can choose the systems to be included in the threat map by selecting the corresponding check box. Events from all the selected systems are scanned for possible attacks and vulnerabilities. Click to save your selection.
To view the threat map, click .
Figure 8-2 Preview Threat Map