Sentinel iTRAC transforms traditional security information management from a passive "alerting and viewing" role to an "actionable incident response" role by enabling organizations to define and document incident resolution processes and then guide, enforce and track resolution processes once an incident or violation has been detected.

Sentinel comes with "out-of-the-box" process templates that use the SANS Institute's guidelines for incident handling. Users can start with these pre-defined processes and configure specific activities to reflect their organization's best practices. iTRAC processes can be automatically triggered from incident creation or correlation rules or manually engaged by an authorized security or audit professional. iTRAC keeps an audit trail of all actions to support compliance reporting and historical analysis.


A worklist presents each user with the tasks assigned to them, and a process monitor provides real-time visibility into process status throughout the lifecycle of a resolution process.

iTRAC's activity framework enables users to customize automated or manual tasks for specific incident-resolution processes. The iTRAC process templates can be configured using the activity framework to match the template with an organization's best practices. Activities are executed directly from the Sentinel Control Center.

iTRAC's automation framework works using two key components:

Activity container: automates execution of the activities in a specified set of steps, based on input rules.

Workflow container: automates execution of the workflow as a whole, assigning its activities to users through a worklist.

The input rules are based on the XPDL (XML Processing Description Language) standard and provide a formal model for expressing executable processes in a business enterprise. This standards-based approach to the implementation of business-specific rules and rule sets ensures future-proofing of process definitions for customers.
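To make concrete what a "formal model for expressing executable processes" looks like, the following Python script is an added illustration (not Sentinel's own template format or code): it reads a hand-written XML fragment in the general shape of WfMC XPDL (Package / WorkflowProcess / Activities / Transitions), validates that every transition refers to a declared activity, and derives the order in which a process monitor would step through the activities. The activity names are assumed incident-handling phases chosen for the example, and the namespace URI is the XPDL 1.0 one; neither is taken from the page.

```python
"""Walk a constructed XPDL-style process definition.

Added illustration, not Sentinel's own template format: the XML below is a
hand-written fragment in the shape of WfMC XPDL, and the activity names are
assumed incident-handling phases, not values taken from the product.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict, deque

# Constructed sample: a linear incident-handling process with five phases.
XPDL_SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://www.wfmc.org/2002/XPDL1.0" Id="ir_pkg" Name="IR">
  <WorkflowProcesses>
    <WorkflowProcess Id="ir_basic" Name="Basic incident handling">
      <Activities>
        <Activity Id="identify" Name="Identification"/>
        <Activity Id="contain" Name="Containment"/>
        <Activity Id="eradicate" Name="Eradication"/>
        <Activity Id="recover" Name="Recovery"/>
        <Activity Id="lessons" Name="Lessons learned"/>
      </Activities>
      <Transitions>
        <Transition Id="t1" From="identify" To="contain"/>
        <Transition Id="t2" From="contain" To="eradicate"/>
        <Transition Id="t3" From="eradicate" To="recover"/>
        <Transition Id="t4" From="recover" To="lessons"/>
      </Transitions>
    </WorkflowProcess>
  </WorkflowProcesses>
</Package>
"""

NS = {"x": "http://www.wfmc.org/2002/XPDL1.0"}


def parse_process(xml_text):
    """Return (activities, transitions) for the first WorkflowProcess.

    activities: dict Id -> Name; transitions: list of (From, To) Ids.
    Raises ValueError if a transition points at an undeclared activity.
    """
    root = ET.fromstring(xml_text)
    proc = root.find(".//x:WorkflowProcess", NS)
    if proc is None:
        raise ValueError("no WorkflowProcess element")
    activities = {
        a.get("Id"): a.get("Name")
        for a in proc.findall("x:Activities/x:Activity", NS)
    }
    transitions = [
        (t.get("From"), t.get("To"))
        for t in proc.findall("x:Transitions/x:Transition", NS)
    ]
    for frm, to in transitions:
        if frm not in activities or to not in activities:
            raise ValueError(f"transition references unknown activity: {frm} -> {to}")
    return activities, transitions


def execution_order(activities, transitions):
    """Topological order of activity Ids (Kahn's algorithm); raise on a cycle."""
    indeg = {a: 0 for a in activities}
    succ = defaultdict(list)
    for frm, to in transitions:
        succ[frm].append(to)
        indeg[to] += 1
    # Start from activities with no incoming transition, in a stable order
    ready = deque(sorted(a for a, d in indeg.items() if d == 0))
    order = []
    while ready:
        cur = ready.popleft()
        order.append(cur)
        for nxt in succ[cur]:
            indeg[nxt] -= 1
            if indeg[nxt] == 0:
                ready.append(nxt)
    if len(order) != len(activities):
        raise ValueError("process definition contains a cycle")
    return order


def worklist(xml_text):
    """Ordered activity names, i.e. the sequence a worklist would present."""
    activities, transitions = parse_process(xml_text)
    return [activities[a] for a in execution_order(activities, transitions)]


if __name__ == "__main__":
    for step, name in enumerate(worklist(XPDL_SAMPLE), 1):
        print(f"{step}. {name}")
```

The two validation checks (dangling transition endpoints and cycles) are the kind of consistency a workflow engine must enforce before a process template is allowed to run; a definition that passes them can be executed mechanically, which is the point of expressing the steps in a standard process-definition format rather than in free text.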

The iTRAC system uses three Sentinel 6 objects that may be defined outside the iTRAC framework:

Sentinel 6 workflows have four major components that are unique to iTRAC:
