Sentinel: Exploit Detection

  • 3037674
  • 02-Nov-2006
  • 26-Apr-2012

Environment

Sentinel ALL

Situation

What is Exploit Detection and what systems does it support?

Resolution

Exploit Detection (Mapping Service)
Sentinel provides the ability to cross-reference event data signatures with Vulnerability Scanner data. Users are notified automatically and immediately when an attack is attempting to exploit a vulnerable system. This is accomplished through:

  • Advisor Feed
  • Intrusion detection
  • Vulnerability scanning
  • Firewalls


Advisor provides a cross-reference between event data signatures and vulnerability scanner data. The Advisor feed consists of an alert feed and an attack feed. The alert feed contains information about vulnerabilities and threats. The attack feed is a normalization of event signatures and vulnerability plug-ins. For information about Advisor installation, see the Sentinel Installation Guide.
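
The cross-reference described above, as an added example (not Sentinel or Advisor code): the attack feed is modeled as a mapping from IDS signatures and scanner plug-ins to a shared attack ID, and an event is flagged only when its target host has a scanner finding that maps to the same attack. The feed layout, the product labels used as keys, all IDs, and the hosts are constructed assumptions.

```python
from collections import defaultdict

# Constructed stand-in for the attack feed: each entry normalizes IDS
# signatures and scanner plug-ins from different products to one attack ID.
ATTACK_FEED = [
    {"attack": "ATK-0001",
     "signatures": [("snort", "SIG-1001"), ("cisco-ids", "SIG-5001")],
     "plugins": [("nessus", "PLG-2001")]},
    {"attack": "ATK-0002",
     "signatures": [("snort", "SIG-1002")],
     "plugins": [("nessus", "PLG-2002"), ("ip360", "PLG-7002")]},
]
# Constructed scanner findings and IDS events (documentation address range).
SCAN_RESULTS = [
    {"host": "192.0.2.10", "scanner": "nessus", "plugin": "PLG-2001"},
    {"host": "192.0.2.20", "scanner": "ip360", "plugin": "PLG-7002"},
]
EVENTS = [
    {"sensor": "cisco-ids", "signature": "SIG-5001", "dst": "192.0.2.10"},  # vulnerable
    {"sensor": "snort", "signature": "SIG-1001", "dst": "192.0.2.20"},  # different vuln
    {"sensor": "snort", "signature": "SIG-1002", "dst": "192.0.2.20"},  # vulnerable
    {"sensor": "snort", "signature": "SIG-9999", "dst": "192.0.2.10"},  # not in feed
    {"sensor": "snort", "signature": "SIG-1002", "dst": "192.0.2.30"},  # never scanned
]

def build_indexes(feed):
    """Index the feed both ways: signature -> attacks, plug-in -> attacks."""
    by_sig, by_plugin = defaultdict(set), defaultdict(set)
    for entry in feed:
        for sig in entry["signatures"]:
            by_sig[sig].add(entry["attack"])
        for plugin in entry["plugins"]:
            by_plugin[plugin].add(entry["attack"])
    return by_sig, by_plugin

def detect_exploits(events, scan_results, feed):
    """Return events whose attack matches a vulnerability found on the target."""
    by_sig, by_plugin = build_indexes(feed)
    exposed = defaultdict(set)  # host -> attack IDs the host is vulnerable to
    for finding in scan_results:
        key = (finding["scanner"], finding["plugin"])
        exposed[finding["host"]] |= by_plugin.get(key, set())
    hits = []
    for ev in events:
        attacks = by_sig.get((ev["sensor"], ev["signature"]), set())
        matched = attacks & exposed.get(ev["dst"], set())
        if matched:
            hits.append((ev["dst"], ev["signature"], sorted(matched)))
    return hits

if __name__ == "__main__":
    for hit in detect_exploits(EVENTS, SCAN_RESULTS, ATTACK_FEED):
        print("exploit attempt against vulnerable host:", hit)
```

Events that hit an unscanned host, an unmapped signature, or a host with an unrelated vulnerability are not flagged, which is what separates exploit detection from a plain IDS alert.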


The supported systems are:
Intrusion Detection Systems

  • Cisco Secure IDS
  • Enterasys Dragon Host Sensor
  • Enterasys Dragon Network Sensor
  • ISS BlackICE
  • ISS RealSecure Desktop
  • ISS RealSecure Network
  • ISS RealSecure Server
  • ISS RealSecure Guard
  • Snort
  • Symantec Network Security 4.0 (ManHunt)
  • Symantec Intruder Alert
  • McAfee IntruShield
  • eEye Retina

Vulnerability Scanners

  • Foundstone Foundscan
  • ISS Database Scanner
  • ISS Internet Scanner
  • ISS System Scanner
  • ISS Wireless Scanner
  • Nessus
  • nCircle IP360


Firewalls

  • Cisco IOS Firewall