iTRAC (workflow) covers the automation of procedures and the ability to respond to incidents. Sentinel provides an iTRAC management system that automates these processes. Tied to iTRAC is Sentinel's Activity framework, which provides the activities that can be performed at each stage in an iTRAC process. An example of an activity is pinging a remote host or sending an email to a user.
NOTE: To use the iTRAC tab, one or more incidents are needed that have an iTRAC process assigned to them. For more information about incidents, see the Active View™ Tab and Incidents Tab chapter.
The four stages (activities) of Sentinel's framework are:
A Sentinel Administrative Role user (default: esecadm) assigns a workflow.
Collect and view data to determine if a security infraction has occurred.
Limit the scope and magnitude of the incident. Prevent the incident from getting worse.
Eliminate the factors that resulted in the compromise of your system.
The Activity framework is controlled through the Worklist Handler.
The process monitor is available to view the progress of a process.