Environment
Sentinel ALL
Situation
What is Exploit Detection and what systems does it support?
Resolution
Exploit Detection (Mapping Service)
Sentinel provides the ability to cross-reference event data
signatures with Vulnerability Scanner data. Users are notified
automatically and immediately when an attack is attempting to
exploit a vulnerable system. This is accomplished through:
- Advisor Feed
- Intrusion detection
- Vulnerability scanning
- Firewalls
Advisor provides a cross-reference between event data signatures
and vulnerability scanner data. The Advisor feed consists of an alert
feed and an attack feed. The alert feed contains information about
vulnerabilities and threats. The attack feed is a normalization of
event signatures and vulnerability plug-ins. For information about
Advisor installation, see the Sentinel Installation Guide.
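The cross-reference described above, as an added example that is not Sentinel or Advisor code: IDS events and scanner findings are joined through a normalized attack ID, and only events aimed at a host with a matching finding are reported. The feed layout, product keys, signature names, plug-in IDs and addresses are all constructed for illustration and do not reflect the real Advisor data format.

```python
from collections import defaultdict

# Constructed stand-in for an attack feed: each normalized attack ID links the
# IDS signatures and scanner plug-ins that describe the same weakness.
# All product keys, signature names and plug-in IDs below are hypothetical.
ATTACK_FEED = [
    {"attack_id": "ATK-0001",
     "ids_signatures": {("ids_a", "SIG-1001"), ("ids_b", "web-overflow-01")},
     "scanner_plugins": {("scanner_x", "PLG-5001"), ("scanner_y", "9001")}},
    {"attack_id": "ATK-0002",
     "ids_signatures": {("ids_a", "SIG-2002")},
     "scanner_plugins": {("scanner_x", "PLG-5002")}},
]

def build_indexes(feed):
    """Index the feed both ways: signature -> attack IDs, plug-in -> attack IDs."""
    sig_to_attack, plugin_to_attack = defaultdict(set), defaultdict(set)
    for entry in feed:
        for sig in entry["ids_signatures"]:
            sig_to_attack[sig].add(entry["attack_id"])
        for plugin in entry["scanner_plugins"]:
            plugin_to_attack[plugin].add(entry["attack_id"])
    return sig_to_attack, plugin_to_attack

def host_exposure(scan_findings, plugin_to_attack):
    """Map each scanned host to the normalized attacks it is vulnerable to."""
    exposure = defaultdict(set)
    for host, scanner, plugin in scan_findings:
        exposure[host] |= plugin_to_attack.get((scanner, plugin), set())
    return exposure

def correlate(events, scan_findings, feed=ATTACK_FEED):
    """Return events whose signature maps to an attack the target is exposed to."""
    sig_to_attack, plugin_to_attack = build_indexes(feed)
    exposure = host_exposure(scan_findings, plugin_to_attack)
    hits = []
    for event in events:
        attacks = sig_to_attack.get((event["sensor"], event["signature"]), set())
        matched = attacks & exposure.get(event["target"], set())
        if matched:  # unmapped signatures and unscanned hosts never match
            hits.append({**event, "exploited_attacks": sorted(matched)})
    return hits

# Constructed sample data.
SCAN_FINDINGS = [("10.0.0.5", "scanner_x", "PLG-5001"), ("10.0.0.7", "scanner_x", "PLG-5002")]
EVENTS = [
    {"sensor": "ids_b", "signature": "web-overflow-01", "target": "10.0.0.5"},  # exposed host
    {"sensor": "ids_b", "signature": "web-overflow-01", "target": "10.0.0.7"},  # other weakness
    {"sensor": "ids_a", "signature": "SIG-9999", "target": "10.0.0.5"},         # unmapped
]
```

Because the join goes through the normalized ID, an event from one sensor product matches a finding from any scanner product that the feed maps to the same attack.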
The supported systems are:
Intrusion Detection Systems
- Cisco Secure IDS
- Enterasys Dragon Host Sensor
- Enterasys Dragon Network Sensor
- ISS BlackICE
- ISS RealSecure Desktop
- ISS RealSecure Network
- ISS RealSecure Server
- ISS RealSecure Guard
- Snort
- Symantec Network Security 4.0 (ManHunt)
- Symantec Intruder Alert
- McAfee IntruShield
- eEYE Retina
Vulnerability Scanners
- Foundstone Foundscan
- ISS Database Scanner
- ISS Internet Scanner
- ISS System Scanner
- ISS Wireless Scanner
- Nessus
- nCircle IP360
Firewalls
- Cisco IOS Firewall