
NetIQ Sentinel Software Developer Kit: Building Collectors and Reports [Course 9010]

Course Overview

This class has two objectives: first, to write new and modify existing Collector plug-ins using the Sentinel SDK in an Eclipse environment; second, to write new and modify existing reports for Sentinel SIEM and Sentinel RD. Sentinel Collector plug-ins process incoming data from event and data sources and transform that data into data objects usable by Sentinel. The class takes the student through a series of exercises designed to teach the APIs and concepts needed to accomplish these tasks. Sentinel also provides a comprehensive embedded reporting engine based on JasperReports. The type of data available for reporting varies by platform: Sentinel Log Manager focuses primarily on event data, while Sentinel SIEM provides additional contextual data such as asset and identity information. Using the same set of APIs, the class covers two methods for writing new reports: Eclipse and Ant to compile JavaScript into reports, and the new reporting tool introduced with Identity Manager 4. Prerequisite: this class requires a knowledge of JavaScript and previous experience with Sentinel. Experience with Eclipse will be an advantage.
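
The following is an added illustration, not code from the NetIQ Sentinel SDK or from this course: a miniature Collector-style pipeline in JavaScript (the language Sentinel Collectors are written in) that walks constructed sshd log lines through the stages the outline names: parsing methods, field normalization, event construction from a prototype event, taxonomy assignment, and, from the reporting half, a summary count by taxonomy. The event field names (InitUserName, InitIP, InitServicePort, ObserverHostName) and the Action/Outcome/Observer vocabulary are assumptions chosen for this example and are not the SDK's own API; the sample records are constructed.

```javascript
// Added illustration, not NetIQ Sentinel SDK code. Field names and the
// taxonomy vocabulary below are assumptions made for this example.

// Constructed sample records, in the raw form a Connector hands to a Collector.
const SAMPLE_RECORDS = [
  "Mar 10 08:15:01 host1 sshd[2210]: Accepted password for alice from 10.0.0.5 port 51022 ssh2",
  "Mar 10 08:15:07 host1 sshd[2215]: Failed password for invalid user bob from 10.0.0.9 port 51030 ssh2",
  "Mar 10 08:16:40 host1 sshd[2230]: Failed password for ALICE from 10.0.0.5 port 51044 ssh2",
  "Mar 10 08:17:02 host1 sshd[2231]: Connection closed by 10.0.0.9 port 51030",
];

// Parsing methods: one regular expression per message shape. A line that no
// parser claims is reported back, not silently dropped, so gaps are visible.
const SYSLOG_HEAD = "^(\\w{3}\\s+\\d+ \\d\\d:\\d\\d:\\d\\d) (\\S+) sshd\\[(\\d+)\\]: ";
const PARSERS = [
  { name: "ssh_accept", outcome: "SUCCESS",
    re: new RegExp(SYSLOG_HEAD + "Accepted (\\w+) for (\\S+) from (\\S+) port (\\d+)") },
  { name: "ssh_fail", outcome: "FAILURE",
    re: new RegExp(SYSLOG_HEAD + "Failed (\\w+) for (?:invalid user )?(\\S+) from (\\S+) port (\\d+)") },
];

function parseRecord(line) {
  for (const p of PARSERS) {
    const m = p.re.exec(line);
    if (m) {
      return { parser: p.name, raw: { ts: m[1], host: m[2], pid: m[3], method: m[4],
               user: m[5], srcIp: m[6], srcPort: m[7], outcome: p.outcome } };
    }
  }
  return null;
}

// Normalization: coerce types and canonicalize values so reports and
// correlation compare like with like (user case-folded, port numeric,
// address validated rather than trusted).
const IPV4 = /^(?:25[0-5]|2[0-4]\d|1?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;
function normalizeFields(raw) {
  return { ...raw,
    user: raw.user.toLowerCase(),
    srcPort: Number(raw.srcPort),
    srcIp: IPV4.test(raw.srcIp) ? raw.srcIp : null };
}

// Taxonomy: what happened (Action), how it ended (Outcome), which component
// saw it (Observer), independent of the source's own wording.
function assignTaxonomy(fields) {
  return { Action: "AUTHENTICATE", Outcome: fields.outcome, Observer: "sshd" };
}

// Event construction: start from a prototype event carrying defaults, then
// assign output fields explicitly from the normalized record and taxonomy.
const PROTOTYPE_EVENT = { Vendor: "OpenSSH", Product: "sshd", Severity: 1 };
function buildEvent(parsed) {
  const f = normalizeFields(parsed.raw);
  const tax = assignTaxonomy(f);
  return { ...PROTOTYPE_EVENT, ...tax,
    EventTime: f.ts,
    ObserverHostName: f.host,
    InitUserName: f.user,
    InitIP: f.srcIp,
    InitServicePort: f.srcPort,
    Severity: tax.Outcome === "FAILURE" ? 3 : PROTOTYPE_EVENT.Severity,
    Message: `${f.method} authentication ${tax.Outcome.toLowerCase()} for ${f.user}` };
}

// Record-to-event conversion over a batch; unparsed lines are kept for review.
function processRecords(lines) {
  const events = [], unparsed = [];
  for (const line of lines) {
    const parsed = parseRecord(line);
    if (parsed) events.push(buildEvent(parsed)); else unparsed.push(line);
  }
  return { events, unparsed };
}

// Report-side summary count: events grouped by an Action/Outcome taxonomy key,
// the table a taxonomy summary in a report would present.
function summarizeByTaxonomy(events) {
  const counts = {};
  for (const e of events) {
    const key = `${e.Action}/${e.Outcome}`;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

const result = processRecords(SAMPLE_RECORDS);
console.log(result.events);
console.log("unparsed:", result.unparsed);
console.log(summarizeByTaxonomy(result.events));
```

Run with `node`; the fourth sample line is deliberately one no parser handles, so it shows up under `unparsed` rather than vanishing, which is the behaviour a Collector author wants while debugging parsing coverage.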

Training Level: 3 - Advanced

Duration: 4 Days

Key Objectives

By taking the course, you will learn to:

  • modify the parsing logic of a Sentinel Collector.
  • modify the content of a report or create new reports not included with the Sentinel product you own.
  • understand the inner workings of the Sentinel publish channel.

Audience Summary

The audience for this course includes partners, employees and companies needing to modify the parsing logic of a Sentinel Collector. Other attendees may take this class to modify the content of a report or to create new reports not included with the Sentinel product they own. Others may simply be curious about the inner workings of the Sentinel publish channel.

Course Prerequisites

The prerequisites for this course are a course in Sentinel 7 or Sentinel Log Manager, or an equivalent understanding of the Sentinel Event Source Management (ESM) system. Attendees are typically developers or other network personnel with an advanced understanding of the Sentinel structure. The class also requires an understanding of Eclipse and JavaScript. The concepts of ESM, Eclipse and JavaScript will not be taught in class; attendees are expected to know these environments before they attend.

Course Outline

Part 1: Collectors

SECTION 1: SDK Introduction
Objective 1: The Sentinel Plug-in SDK: where and how to get it
Objective 2: SDK resources: Developer files, running the IDE
Lab 1-1: Set up the SDK
Lab 1-2: Install the Developer Files
Lab 1-3: Run Eclipse
SECTION 2: Sentinel and Sentinel Log Manager
Objective 1: Sentinel Overview
-- Product features
-- Event Schema
-- Taxonomy
-- Event Source Data Framework (ESM)

SECTION 3: Collector Plugins Development
Objective 1: Getting Started
Objective 2: Initial Build
Objective 3: Debugging
Lab 3-1: Building a Collector
Lab 3-2: I Want to Edit Code, Where's the Code?

SECTION 4: Directory Contents
Objective 1: Explore the Development directory
Objective 2: Examine the purpose of each file
Objective 3: Directory Contents Lab

SECTION 5: Parsing and Normalization
Objective 1: Guidelines to writing Parsing Logic
Objective 2: Parsing Methods
Objective 4: Parsing and Normalization Tools
Objective 5: Requirements for Methods
Lab 5-1: Parsing Methods
Lab 5-2: Building a Parsing Plan

SECTION 6: Event Construction
Objective 1: General Event Construction Concepts
Objective 2: Methods for Setting Output Event Fields
Objective 3: Prototype Event and Explicit Field Assignment
Objective 4: Event Member Functions
Objective 5: Record to Event Conversion
Objective 6: Field Injection

SECTION 7: Taxonomy
Objective 1: Action Taxonomy
Objective 2: Outcome Taxonomy
Objective 3: Observer Taxonomy
Lab 7-1: Deciding on Taxonomy
Lab 7-2: Writing Event Data to Taxonomy

SECTION 8: Connector Interaction
Objective 1: Basic Architecture
Objective 2: Record Handling
Objective 3: Connector Properties
Objective 4: Using Maps
Objective 5: Common Code
Lab 8-1: Normalize Event Fields

SECTION 9: Parameters
Objective 1: Adding Parameters to a Collector
Objective 2: Using Parameters in Code
Objective 3: Defining Custom Parameters
Objective 4: Collector Metadata

Part 2: Reporting

SECTION 1: Basic Sentinel Reporting
Objective 1: Introduction to Sentinel Reporting
Objective 2: One-click Reporting in Log Management
Objective 3: Reporting in SIEM
Objective 4: Report Tweaks
Objective 5: Section Goals

SECTION 2: iReport
Objective 1: Introduction to iReport
Objective 2: Creating and Editing Reports (non-SDK, just a quick overview)
Objective 3: Report Structure
Objective 4: Report Properties
Objective 5: Fields

SECTION 3: Reporting parameters
Objective 1: Reporting Variables
Objective 2: Beyond standard reporting
Lab 3-1: Create a simple report and preview in Sentinel

SECTION 4: Reports in Sentinel
Objective 1: Metadata
Objective 2: Report Parameters
Objective 3: Editing and Packaging via the SDK
Lab 4-1: Create and edit a report via the SDK (make a simple change)

SECTION 5: Report Filters
Objective 1: Querying Sentinel RD
Objective 2: Joining views
Objective 3: Querying Log Management
Lab 5-1: Create a simple report with a new query and columns

SECTION 6: Report Layouts
Objective 1: Displaying text field data
Objective 2: Group headers
Objective 3: Long data strings
Lab 6-1: Layouts

SECTION 7: Data Manipulation
Objective 1: Sorting in Reports
Objective 2: Sorting in a SQL Query
Objective 3: Data and In-query Conversions
Objective 4: Identity Information
Objective 5: Host Information
Objective 6: Conversion in the Report
Lab 7-1

SECTION 8: Summary Counts
Objective 1: Summarization
Objective 2: Summary Variables
Objective 3: Group Summaries
Objective 4: Taxonomy Summaries
Objective 5: Summary Subreport

SECTION 9: Subreports
Objective 1: Creating a Subreport
Objective 2: Subreport Wizard
Objective 3: Modifying a Subreport
Objective 4: Parameters
Objective 5: Query Examples
Objective 6: Subreport Design

SECTION 10: Charting
Objective 1: Adding Charts to Reports
Objective 2: Chart Properties
Objective 3: Chart Data
Objective 4: Pie Charts
Objective 5: Time Charts
Objective 6: Bar Charts
Objective 7: Adding a Custom Class
Lab 10-1

SECTION 11: Advanced Features
Objective 1: Localization
Objective 2: Externalizing Strings
Objective 3: Property Files
Objective 4: Replacement Formatting
Objective 5: Key Colors
Objective 6: Color Lookup
Objective 7: Display Colorization