Novell® Sentinel 6.1
Course Length: 4 days
Price: €2800 / £2100

Current Schedule: 16-19 February 2010 Dusseldorf, Germany

Novell

This course delivers an integrated view of security and compliance events across the entire enterprise - integrating real-time information from devices, applications, identity and access management systems and physical controls into a single console. This course explores all functional aspects of the Sentinel system in a workshop environment, and also introduces the open architecture of the correlation, collection, and incident reporting systems to enable you to begin integrating Sentinel into your existing systems.

Topics Covered

  • View and filter incoming events within the Control Centre
  • Analyze and investigate events for asset, vulnerability, and relationship information
  • Manage the built-in incident response process
  • Install and run longer-term reports against the Sentinel data store, to provide visibility into trends, policies, and compliance controls
  • Plan a basic installation and understand the modules and components of the Sentinel Service-Oriented Architecture
  • Manage users and roles within the Sentinel system
  • Deploy and develop new correlation rules to detect network threat patterns across the enterprise
  • Manage and maintain the Sentinel database
  • Customize new incident response workflows to integrate with internal policies and procedures
  • Understand the details of the data collection system, data access and connection methods
  • Deploy and manage Collectors for new security device types in the enterprise network
  • Fine-tune and enhance existing Collectors for the local environment and to enrich the incoming event data
  • Tie together various data sources into a comprehensive information system through the data collection system using local source files and the global mapping service

Objectives
Upon completion of this course, students should be able to:

  • View and filter incoming events within the Control Centre.
  • Analyze and investigate events for asset, vulnerability, and relationship information
  • Manage the built-in incident response process
  • Manage and maintain the Sentinel database
  • Fine-tune and enhance existing Collectors for the local environment and to enrich the incoming event data
  • Tie together various data sources into a comprehensive information system through the data collection system using local source files and the global mapping service.

Audience
This course covers many aspects of the Sentinel product and its functionality. This course is appropriate for Analysts who will be using the Sentinel console, administrators who will be managing the day-to-day upkeep, and developers who will be customizing the Sentinel correlation rules, reports, or collectors.

Prerequisites
There are no formal prerequisites for the course, but students are required to be familiar with basic concepts such as:

  • Basic Networking: IP protocol/CIDR notations, HTTP(S)/FTP and other protocols, bandwidth, VLANs, Network Address Translation, DHCP, DNS, LDAP
  • Network Security Devices & Operations: AV scanners, Intrusion Detection Systems, firewalls, vulnerability scanners, etc.
  • Basic Security concepts: Identity/user/role management, access control, security policies, compliance and IT controls, incident response, encryption, reporting
  • Common network threats: viruses, DoS attacks, information leaks, Trojans/worms, buffer overflows, etc.
  • Relational database concepts: tables, relationships and keys, joins, partitions, etc.
  • Basic programming concepts: Iterative logic, Boolean logic, evaluations and operators, variables and parameters, data objects, regular expressions, ASCII/Hex encoding, file/network/process input/output, debugging

*Please note that all Novell ATT Training Courses cover Novell-specific content. Students who require training on SGI products should attend an SGI course specific to their requirements. Please contact us if you are unsure.