Sentinel: iTRAC

  • 3934072
  • 25-Jan-2007
  • 26-Apr-2012

Environment

Sentinel 5.1.x
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Server
RedHat Linux
Solaris 9

Situation

What is iTRAC?

Resolution

iTRAC (workflow) is Sentinel's mechanism for automating incident-response procedures. Sentinel provides an iTRAC management system that automates the steps of a process, and tied to iTRAC is Sentinel's activity framework. The activity framework supplies the activities that can be performed at each stage of an iTRAC process; examples of an activity are pinging a remote host or sending an email to a user.

NOTE: To use the iTRAC tab, one or more incidents must already have an iTRAC process assigned to them. For more information about incidents, see the Active View™ Tab and Incidents Tab chapter.

The four stages (activities) of Sentinel's framework are:

  Activity                                    Description
  1. Assign a user or role to the incident    A user in the Sentinel Administrative Role (default: esecadm) assigns a workflow.
  2. Perform data collection                  Collect and view data to determine whether a security infraction has occurred.
  3. Perform data containment                 Limit the scope and magnitude of the incident; prevent it from getting worse.
  4. Eradication                              Eliminate the factors that resulted in the compromise of your system.

The activity framework is controlled through the Worklist Handler.

The process monitor is available to view the progress of a running iTRAC process.