Novell Sentinel 6.1 Now Available!

The newest release of Sentinel 6.1 provides a number of integration features to improve the user experience for customers who implement Novell products together. Sentinel now includes the ability to correlate and report at the user identity level, across multiple accounts held by that user. The new Identity Browser provides the ability to look up any identity and view information about accounts held by that identity and recent actions taken by that user (such as the last 10 authentications). This identity information can be used for reporting or correlation.

Identity integration with Novell Identity Manager is provided with the Novell Compliance Management Platform. This optional package includes a Novell Identity Manager driver and Sentinel Identity Vault Collector to synchronize identity information from the Identity Manager Identity Vault to the Sentinel Database. The package also includes an Identity Tracking Solution Pack with identity-enabled reports and correlation rules.

What's New in Sentinel 6.1

Sentinel 6.1 leverages Novell's industry-leading expertise in Identity Management to create the first identity-enabled security monitoring platform. Detailed user information from an Identity Management system is integrated into Sentinel. As part of this integration, all the accounts that belong to a single user are tied together, providing visibility into the activity of a single user across multiple systems. Major enhancements to the Sentinel correlation action framework, data collection interface, and trouble ticketing system provide improved extensibility and tailor Sentinel to the specific needs of an organization.

Identity Framework
Sentinel includes the ability to correlate and report at the user identity level, across multiple accounts held by that user. Identity information is loaded into the Sentinel database, inserted into incoming events, and available for lookup from the Sentinel Control Center interface.

Identity Browser
If identity information is populated into the Sentinel database, the Identity Browser provides the ability to look up any identity and view information about accounts held by that identity and recent actions taken by that user (such as the last 10 authentications). This information can be accessed by searching for a particular user or by right-clicking an event.

Identity Enhanced Reporting
Sentinel reports have been enhanced to take advantage of user identity information when it's available through integration with an identity management system. The association of account to user and user details is a new feature.

Enhanced Integration with Novell Identity Manager
Identity integration with Novell Identity Manager is provided with the Novell Compliance Management Platform. Some of the pieces of this optional package include a Novell Identity Manager driver and Sentinel Identity Vault Collector that work together to synchronize identity information from the Identity Manager Identity Vault to the Sentinel Database. The package also includes a Sentinel Solution Pack with identity-enabled reports, correlation rules, and workflows.

Remediation Using Integrators
Integrators provide connectivity to external systems to execute an action that is initiated by a triggered correlation rule or by the selection of a right-click menu option in the Sentinel Control Center. The following integrators are preloaded in the Sentinel system:

  • SOAP Integrator - used to initiate action using calls to a SOAP server
  • LDAP Integrator - used to set or change attributes in an LDAP directory
  • SMTP Integrator - used for all mail messages initiated by Sentinel

Remedy Integration
Integration with Remedy Service Management has been updated and re-architected for Remedy 7.0.01. This optional integration includes an Integrator to make the connection to Remedy and an Action to create a service ticket from a set of events or a Sentinel incident.

JavaScript Collectors
Collectors can be written in the industry-standard JavaScript language in addition to the proprietary (legacy) Novell collector scripting language. Collector Managers run both types of collectors simultaneously. The Sentinel 6.1 release includes an SDK for writing JavaScript collectors.

JavaScript Collectors provide richer data manipulation functionality and the ability to process double-byte/Unicode data.

Conform with XDAS
Sentinel uses a hierarchical event taxonomy to categorize and classify events from a wide variety of event sources. This feature simplifies analysis, correlation, and reporting on distributed events by ensuring that common activities are expressed consistently regardless of which platform they came from. With Sentinel 6.1, the legacy taxonomy is aligned with an emerging open standard called XDAS.

What's New in Sentinel 6 SP2

Novell meets the needs of enterprises faced with the demands of PCI-DSS controls, by giving them the ability to automate, validate and prove PCI compliance. Novell has released a new service pack to improve Sentinel 6.0 and provide enhanced technology to help customers address compliance objectives.

  • Technology to ensure PCI-DSS control objectives are being met
  • Advanced content to streamline the compliance process
  • Automated reports that are easy to generate for proof of compliance
  • New tools allow for customization and easy implementation of new processes to respond to evolving PCI regulations
  • Partner tools are available for easy implementation and repeatability to reduce the amount of consulting work needed

What's New in Sentinel 6

New Event Source Management Framework
Sentinel 6 includes an all-new Event Source Management framework that dramatically simplifies the deployment, management, and troubleshooting of the Sentinel system. New wizards simplify the process of connecting to new event sources, and an intuitive graphical system is provided for managing all aspects of the event collection process.

Next Generation iTRAC Incident Management Workflow System
The iTRAC Incident Management System in Sentinel 6 has been dramatically improved to provide for greater capability, performance, and flexibility. This revolutionary new tool allows customers to automate all aspects of their incident response process, from detection and analysis through resolution and auditing. Customers can now customize the incident response workflows to enforce the processes defined by their organization.

New Correlation Features and Language Constructs
Sentinel 6 correlation has been enhanced to enable the creation of more powerful, effective rules using a simple, intuitive wizard. New correlation rule types include nested rules, sequenced rules and cause/effect rules.

Correlation using Active Lists
The new Active Lists feature of Sentinel 6 allows correlation against targeted historical event data and important external data such as user watch lists. List elements can be added and removed either manually through the user interface or automatically using the correlation engine.

New Global Filter Options
Filters can now be created to send events to the data store only, to all Sentinel 6 components, or only to the Sentinel User Interface and Correlation Engine. This provides users with the option to analyze large amounts of data and store only the correlated events, avoiding the expense of storing large amounts of extraneous data.

Expanded Platform Support
Platform support has been expanded and now includes selected 64-bit operating systems, SUSE Linux Enterprise Server 10, and Solaris 10, as well as database support for Oracle 10g, including Oracle Real Application Clusters (RAC). See the Sentinel Installation Guide for a complete list of supported platforms.

SSL Proxy Connection Option for Product Components
Sentinel 6 now allows communication between Sentinel components using an SSL Proxy, allowing Sentinel components to be placed in a remote network without the need to modify router and firewall settings.

Active Browser
The Sentinel 6 Active Browser allows users to quickly and accurately parse through a set of events to expose specific events and detect trends without the need to write SQL statements or create reports.

Additional Language Support
Sentinel 6 is localized in English, Portuguese, French, Italian, German, Spanish, Chinese Traditional, Chinese Simplified, and Japanese. This additional language support allows customers the flexibility to deploy Sentinel 6 in local regions and markets that are important to their business and operations.


For technical or upgrade questions, please contact Novell Technical Services at 1-800-858-4000
For general product or sales questions, please call 1-800-453-1267

© 2009 Novell, Inc. All Rights Reserved.