Sentinel 7.1 Administration [Course 8337]

Course Overview

The purpose of this course is to teach the tasks required of a Sentinel 7 administrator. Students will be able to describe the architecture, install collectors that capture events from various event sources, detect anomalies, and run reports based on those collected events.

What products or services are being covered? Sentinel 7.

This course delivers the administration information and tasks required to manage a Sentinel deployment. After completing this course, students should be able to install and configure Sentinel 7 and collect events from various event sources. Students should also be able to perform tasks related to security and intelligence, data storage, and event searching and reporting.

Training Level: 2 - Intermediate

Duration: 4 Days

Key Objectives

Through discussion, examples, and lab exercises with real-world content, you will learn about:

  • Storage configuration and data retention
  • Correlation rules and actions
  • Security Intelligence
  • Event Source Management
  • Data Enrichment
  • Solution Pack Management
  • Identity Integration

Audience Summary

This course covers many aspects of the Novell Sentinel 7.1 product and its functionality:

  • It is appropriate for analysts who will be using the Sentinel console, administrators who will be managing the day-to-day upkeep, and developers who will be customizing Sentinel correlation rules, reports, or collectors.
  • It provides a complete understanding of Sentinel features and ongoing administration, and introduces customization, network security, and troubleshooting concepts.

Course Prerequisites

This course covers a wide range of Novell Sentinel 7.1 functionality, from basic analyst training to custom collector development. There are no formal prerequisites, but to get full value from the class, you are encouraged to be familiar with basic concepts such as:

  • Basic networking: IP protocol/CIDR notation, HTTP(S)/FTP and other protocols, bandwidth, VLANs, Network Address Translation, DHCP, DNS, LDAP
  • Network security devices and operation: AV scanners, Intrusion Detection Systems, firewalls, vulnerability scanners, etc.
  • Basic security concepts: Identity/user/role management, access control, security policies, compliance and IT controls, incident response, encryption, reporting
  • Common network threats: viruses, DoS attacks, information leaks, trojans/worms, buffer overflows, etc.
  • Relational database concepts: tables, relationships and keys, joins, partitions
  • Basic programming concepts: iterative logic, Boolean logic, evaluations and operators, variables and parameters, data objects, regular expressions, ASCII/hex encoding, file/network/process input/output, debugging

Course Outline

This course follows the outline below and covers the topics shown:

  • SECTION 1 - Introduction and Installation
  • SECTION 2 - Storage
  • SECTION 3 - Correlation
  • SECTION 4 - Security Intelligence
  • SECTION 5 - Event source management
  • SECTION 6 - Event Configuration
  • SECTION 7 - Data Enrichment
  • SECTION 8 - User Management
  • SECTION 9 - Tags
  • SECTION 10 - Solution Pack Management
  • SECTION 11 - Identity Integration
  • SECTION 12 - Troubleshooting