17.5 Installing and Managing Solution Packs

17.5.1 Viewing the Contents of a Solution Pack

To use the Solution Manager and view the contents of a Solution Pack, a user must belong to the administrator role.

  1. Click the Configuration menu and select Solution Packs to display the Solution Packs Manager window.

  2. Double-click a Solution Pack in the Solution Packs window to display the Solution Manager.

17.5.2 Installing Content from Solution Packs

To use the content of a Solution Pack in the Sentinel Control Center, you must install the Solution Pack or selected controls in a Sentinel System (also known as the “target” Sentinel system).

When you install either a Solution Pack or an individual control, all of the child nodes are installed. Only fully defined controls can be installed. For controls that contain placeholders, the Install option is disabled.

  1. In the Solution Packs Manager window, double-click a Solution Pack to open the Solution Manager.

    Alternatively, you can select a Solution Pack that you want to install and click the Open with Solution Manager icon.

    For more information, see Section 17.4.1, Launching the Solution Manager.

  2. Select a Solution Pack or a control that you want to install. Click Install.

    Alternatively, right-click a Solution Pack or control and select Install.

    The Install Control Wizard opens. If you select a Solution Pack, all the controls in that Solution Pack display. If you select an individual control, then that control is displayed in the Install Control Wizard window.

  3. Click Next to display the Install Content window.

    If Correlation rules and actions are included in the Solution Pack, you need to proceed through several additional screens until you reach the Install Content window. For more information, see Correlation Rules and Actions.

  4. Click Install.

  5. After the installation is complete, click Finish.

    If the installation fails for any content item in the control, the Solution Manager rolls back all the content in that control to Uninstalled. In this situation, create new content or a new Solution Pack using the Solution Designer, import it, and then try installing it.

  6. Configure the control, then implement it according to the instructions in the documentation for the control.

Correlation Rules and Actions

Correlation rules are deployed to a specific Correlation Engine. During the control installation, a screen shows the Correlation Engines in the target Sentinel system and the rules that are already running on those engines. Based on the number and complexity of the rules running on the engines, you can decide where you will deploy the Correlation rule.

Correlation rules deploy in an Enabled or Disabled state, depending on their status in the source Sentinel system when the Solution Pack was created.

If an Execute Script Correlation action is associated with the Correlation rule, the Solution Manager attempts to install the associated JavaScript code on all Correlation Engines. If a Correlation Engine is offline, you can still deploy the rule. However, the status of the rule will be disabled in the Sentinel Web interface after importing.

If an Execute Command Correlation action is associated with the Correlation rule, the Solution Manager installs the command and its arguments, but the script or utility must be manually configured on the Correlation Engine. This might require installing the utility, configuring permissions, or manually copying a script file to the proper directory on the Correlation Engine.

In a default installation, the proper directory for the script file is /opt/novell/sentinel/bin/actions.
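
The manual step described above for an Execute Command Correlation action can be scripted on the Correlation Engine. The following is an added example, not part of the NetIQ documentation: the function names, the 0750 mode, and the policy that group- or world-writable entries are findings are assumptions; only the default directory path comes from this page.

```shell
#!/bin/sh
# Added example (not NetIQ code): stage a script for an Execute Command
# Correlation action, then audit the actions directory.
# Only the default path below comes from the documentation; the 0750 mode
# and the "no group/world write" policy are assumptions to adapt locally.
ACTIONS_DIR="${ACTIONS_DIR:-/opt/novell/sentinel/bin/actions}"

# install_action SRC
# Copies SRC into ACTIONS_DIR. Returns 2 if SRC or the directory is missing,
# 3 if a different file with the same name is already installed.
install_action() {
    src=$1
    dest="$ACTIONS_DIR/$(basename "$src")"
    [ -f "$src" ] || { echo "missing source: $src" >&2; return 2; }
    [ -d "$ACTIONS_DIR" ] || { echo "missing dir: $ACTIONS_DIR" >&2; return 2; }
    if [ -e "$dest" ] && ! cmp -s "$src" "$dest"; then
        echo "refusing to overwrite differing file: $dest" >&2
        return 3
    fi
    cp "$src" "$dest" && chmod 0750 "$dest"
}

# audit_actions
# Prints every file or directory under ACTIONS_DIR that is group- or
# world-writable. Returns 0 when nothing is found, 1 otherwise.
audit_actions() {
    found=$(find "$ACTIONS_DIR" \( -type f -o -type d \) \
                 \( -perm -020 -o -perm -002 \) -print)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

Run install_action as the account that must own the script on the Correlation Engine, and run audit_actions after each Solution Pack installation, because any file in this directory that another account can modify is executed with the privileges of the correlation action.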

If a JavaScript Action is associated with the Correlation rule, the Solution Manager installs the Action configuration, the Action plug-in, and the associated integrator configuration and Integrator plug-in (if it is needed).

17.5.3 Configuring Controls

Duplicate Content within a Solution Pack

If two separate controls contain identical content and one control is installed successfully, the status of the duplicate content in the other control is changed to Installed. The remaining child nodes in the second control stay uninstalled.

Each content item is only installed once. If the same content item (for example, an iTRAC workflow or a Correlation rule) is included in more than one control, it is only installed once. Therefore, if you install one of those controls, the content displays with an installed status in the other control. In this scenario, the Solution Manager might show that the content for the second control is only partially installed.

Content with the Same Name in the Target Sentinel System

If the Solution Manager detects content with the same name but a different unique identifier in the target Sentinel system, the Solution Manager installs the content with a unique ID appended to the name. For example, the rule from the Solution Pack might be named Unauthorized Firewall Change (1). The existing rule in the Sentinel system is unchanged.

NOTE: To prevent confusion for end users, NetIQ recommends that one of these rules be renamed.

Resolving Out of Sync Content

Out of Sync status indicates that a different version of the content in the Solution Pack has been installed in the Sentinel target system by another Solution Pack or a previous version of the same Solution Pack. The Solution Manager only compares content from different Solution Packs (or different versions of the same Solution Pack) for installed content. Before you implement a control, you need to resolve this out of sync status.

  1. Open the Solution Pack in the Solution Manager for which you want to resolve the out of sync content.

  2. Select the out of sync content (not the control or category) in the Solution Manager.

  3. Select the content, right-click, then select Out of synchronization content detail.

    A message displays information about which Solution Pack is the source of the out of sync content.

  4. Compare the content in the two Solution Packs to determine which version you want to keep.

  5. Uninstall the control from the Solution Pack that you do not want to keep. For more information, see Section 17.5.6, Uninstalling a Control.

    Resolve the out of sync issue before installing the new Solution Pack.

  6. Reinstall the control with the content you want to keep.

  7. Implement and test as necessary.

Copying a Map File

If the Solution Pack that you install contains a Map control, you need to copy the associated .csv file to the system where you are importing and installing the Solution Pack. This file is used by the mapping service for event enrichment. Data from this .csv file is used to populate the tag when specified conditions are met for all incoming events.

When you create a Solution Pack using a Map control, the map definition file (.csv) that is used to create the Map is not bundled in the Solution Pack. Therefore, when you install this Solution Pack on any other Sentinel server, you do not get the expected behavior. This is because the Map looks for the required information in the map definition file (.csv) in the var/opt/novell/sentinel/data/map_data folder of the Sentinel Server to populate the tag. If the correct .csv file is not there, the Map control does not work properly.

You must copy the map definition file that you used to create the Map to the var/opt/novell/sentinel/data/map_data folder whenever you install any Solution Pack that has a Map control.

17.5.4 Implementing a Control

The steps for implementing a control are added when the Solution Pack is created in the Solution Designer. The steps might include instructions for the following types of implementation actions:

  • Scheduling automatic report execution.

  • Enabling auditing on source devices.

  • Copying an attached script for an Execute Command Correlation Action to the appropriate location on the correlation engines.

You only need to follow the instructions that are in the Implementation tab for the control.

To implement a control:

  1. Open a Solution Pack in Solution Manager.

    For more information, see Section 17.4.1, Launching the Solution Manager.

  2. Select a control.

  3. Click the Implementation tab in the Documentation panel.

  4. Follow all of the instructions in the Implementation tab.

  5. Add notes to the Notes tab of the Documentation panel as necessary to document progress or necessary changes from the recommended implementation steps.

  6. When the implementation is complete, select the control and change the status drop-down to Implemented.

  7. An audit event is generated and sent to the Sentinel Control Center.

Because of potential legal and regulatory implications, the status for a control should only be changed after all of the implementation steps have been successfully completed.

17.5.5 Testing a Control

After a control is implemented, the content should be tested to verify that it is working as expected. Testing might require steps such as running a report or generating a failed login. The testing instructions for each control are added when the Solution Pack is created in the Solution Designer.

To test a control:

  1. Open a Solution Pack in Solution Manager.

    For more information, see Section 17.4.1, Launching the Solution Manager.

  2. Select a control.

  3. Click the Testing tab in the Documentation panel.

  4. Follow all of the instructions in the Testing tab.

  5. Add notes to the Notes tab of the Documentation panel as necessary to document progress or necessary changes from the recommended testing steps.

  6. When the testing is complete, select the control and change the status drop-down to Tested.

  7. An audit event is generated and sent to the Sentinel Control Center.

Because of potential legal and regulatory implications, the status for a control should only be changed after all of the testing steps have been successfully completed.

17.5.6 Uninstalling a Control

Controls are often used to meet legal or regulatory requirements. After they are implemented and tested, controls can be uninstalled after careful consideration.

When a control is uninstalled, the status for the control reverts to Not Implemented and child content is deleted from the Sentinel system. There are a few exceptions and special cases:

  • Dependencies are checked to ensure that no content that is still in use is deleted. Some examples of this include a Dynamic List that is used by a Correlation rule created in the target Sentinel system, a report that is used in a control that is still installed, an iTRAC workflow template that is used in a Solution Pack that is still installed, or a folder that still contains other content.

  • Reports (.rpt files) copied to a local system cannot be removed if the uninstall is performed from a Sentinel Control Center on a different machine.

  • JavaScript files associated with Execute Script Correlation actions remain on the Correlation Engines.

  • Maps (.csv files) and the data they contain are not deleted.

  • Roles associated with workflows are not deleted.

  • iTRAC workflow processes that are already in progress continue until completion even if the iTRAC workflow is uninstalled.

To uninstall a control:

  1. Open a Solution Pack in Solution Manager.

    For more information, see Section 17.4.1, Launching the Solution Manager.

  2. Right-click the control you want to uninstall and select Uninstall.

    Alternatively, click the Uninstall icon. The Controls To Uninstall window appears.

  3. Click Next.

    If the control you are uninstalling includes one or more reports, you are prompted whether to uninstall the reports from the server. Ideally, this information was recorded on the Notes tab when the reports were installed.

  4. Click Next to display the Uninstall Content window.

  5. Click Uninstall. The selected contents are uninstalled.

    Local reports cannot be uninstalled from a different Sentinel Control Center machine than the one that was used for the installation, or if the files were copied to a new location after installation. If the Solution Manager cannot find the .rpt files in the expected location, a message is logged in the Sentinel Control Center log file.

  6. Click Finish.

17.5.7 Viewing Solution Pack Status

There are several sources of information about the status of a Solution Pack.

Viewing the Status in the Solution Manager

You can view the status of Solution Pack contents in the Solution Manager. For more information, see Section 17.4.1, Launching the Solution Manager.

  • None/Blank: No status indicator for a control indicates that the associated content has not been installed yet.

  • Not Implemented: When none or some of the contents of a control are installed, the control is in the Not Implemented state. If the same content is installed by another control, a control might be Not Implemented even if some of its child content is Installed.

  • Implemented: Indicates that a user has completed all of the implementation steps and manually set the control status to Implemented. For more information, see Section 17.5.4, Implementing a Control.

  • Tested: Indicates that a user has completed all of the testing steps and manually set the control status to Tested. For more information, see Section 17.5.5, Testing a Control.

  • Out of Sync: Indicates that a different version of the content in the Solution Pack has been installed in the Sentinel target system by another Solution Pack or a previous version of the same Solution Pack. For more information, see Out Of Sync Status.

Generating Status Documentation

The information about the Solution Pack can be exported in PDF format. The report contains details about every node in the Solution Pack, including the category, control, and content group.

To generate Solution Pack status documentation:

  1. Open a Solution Pack in the Solution Manager for which you want to generate a status report.

  2. Click Create PDF. The Report Options window displays.

    • Show status information: Select this option to show deployment status for each control (Not Installed, Not Implemented, Implemented, or Tested) and whether it’s Out of Sync.

    • Include content nodes: Select this option to include information about the child content for each control in the documentation.

  3. Select Show status and Show individual content if desired.

  4. To view the documentation, click Preview.

    (Conditional) If this is the first time a PDF has been opened from the Sentinel Control Center, you might need to locate Acrobat Reader.

  5. (Conditional) Click Browse, and locate the Acrobat Reader, then click OK.

    The report is opened in the PDF format.

  6. To save the PDF, click Browse. Navigate to the location where you want to save the PDF and specify a filename.

  7. Click Save.

Audit Events in the Sentinel Control Center

All major actions related to Solution Packs and controls are audited by the Sentinel system, with information about which user performed the action. The following events are visible in the Sentinel Control Center and are stored in the Sentinel database:

  • Solution Pack is imported.

  • Control is installed.

  • Control status is changed to Implemented.

  • Control status is changed to Tested.

  • Control status is changed to Not Implemented.

  • Control is uninstalled.

  • Notes are modified for a control.

  • Solution Pack is deleted.

17.5.8 Deleting a Solution Pack

Solution Packs are often used to meet legal or regulatory requirements. After they are implemented and tested, Solution Packs can be deleted after careful consideration. All deletions are audited by the Sentinel system and sent to both the Sentinel Control Center and the Sentinel database.

You cannot delete a Solution Pack without uninstalling the controls first. For more information, see Section 17.5.6, Uninstalling a Control. If you do not uninstall the controls and try to delete a solution pack, you are notified that content is still deployed.

  1. Open the Solution Packs Manager.

  2. Select the Solution Pack that you want to remove, then click Remove.

    You are prompted to delete the Solution Pack.

  3. Click Yes to delete.