Solution Packs provide a framework within which sets of content can be packaged into controls, each of which is designed to enforce a specific business or technical policy. The control can use any of the detection, filtering, alerting, and response features of Sentinel, as well as provide documentation on control status and enforcement. By managing the set of content as a unit within the control, the Solution Pack solves dependency problems and simplifies implementation.
Controls within a Solution Pack can include the following types of content:
Correlation rule deployments, including deployment status and associated Correlation rules, Correlation actions, JavaScript plug-ins and integrators, and Dynamic Lists
Reports
Filters
Searches
iTRAC workflows, including associated roles
Event enrichment, including map definitions and event meta tag configuration
Other associated files added when the Solution Pack is created, such as documentation, example report PDFs, or sample map files
For example, a Solution Pack can package content related to governance and regulatory compliance into a comprehensible and easily enforceable framework that is easy to deploy.
Solution Packs are created with the Solution Designer application. Using this tool, a user creates the Solution Pack, associated controls and documentation, and then associates Sentinel content with each control. The entire package is then exported as a ZIP file. For more information on creating a Solution Pack and adding content to it, see Solution Designer.
The ZIP file containing the Solution Pack is first imported into an existing Sentinel system by using the Solution Packs Manager in the Sentinel Control Center. You then use the Solution Manager to install the imported Solution Pack.
The Solution Manager also displays the implementation and testing steps in the Solution Pack and tracks the status of each control. At any time, users can generate a detailed document with the implementation status for each control. You can also use the Solution Manager to install the predefined Sentinel Core Solution Pack.
NOTE: Only users in the administrator role can access the Solution Packs Manager.