Add the steps required to implement the content in the target Sentinel system to the Implementation tab of the Documentation frame. The steps may include instructions for the following types of implementation actions:
Populating a .csv file that is used by the mapping service for event enrichment.
Scheduling automatic report execution in the Crystal Server.
Enabling auditing on source devices.
Copying an attached script for a Execute Command Correlation Action to the appropriate location on the correlation engine(s).
After the content implementation, the content should be tested to verify that it is working as expected. Testing may require steps such as the following:
Add the steps required to test the content in the target Sentinel system to the Testing tab of the Documentation frame. The steps may include instructions for the following types of testing activities:
Run a report and verify that data is returned.
Generate a failed login in a critical server and verify that a correlated event is created and assigned to an iTRAC workflow.